
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1560173
MD5: ec1c70253b8b244e9a71d54d6b7a917c
SHA1: 2a4e57c4c91e7d050205ce1cd845d5e8b7b3c197
SHA256: 75c02ef78aac8f7fb0fc0bca6825df1045e57445d6aeb373f4ad010c22922cce
Tags: exe user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 4320 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EC1C70253B8B244E9A71D54D6B7A917C)
    • taskkill.exe (PID: 6488 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5860 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4276 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6004 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2820 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 1272 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 2992 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 3620 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6156 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ee1dab7-f32b-4025-b591-a5b59c3dd1bf} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a93e66f310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7728 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -parentBuildID 20230927232528 -prefsHandle 4284 -prefMapHandle 1812 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de74356-ab29-421f-accc-57ed584a4147} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a94decfd10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 984 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3288 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c3e6a35-4447-4030-865b-29b5ac416484} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a950216310 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: file.exe PID: 4320 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: file.exe | ReversingLabs: Detection: 31%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.7% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49717 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49728 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49755 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49754 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49768 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49769 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49789 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49795 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49796 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49803 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49801 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49802 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49870 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49869 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2256427424.000001A94E39F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2254494437.000001A94E399000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2256427424.000001A94E39F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2254494437.000001A94E399000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00C4DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C1C2A2 FindFirstFileExW,0_2_00C1C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C568EE FindFirstFileW,FindClose,0_2_00C568EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00C5698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00C4D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00C4D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C59642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00C59642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00C5979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C59B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00C59B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C55C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00C55C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 227MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (this entry appears 50 times in the report)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00C5CE44
    Source: global traffic | HTTP traffic detected (this request appears 15 times in the report):
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected (this request appears 15 times in the report):
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2327622908.000039B9F2803000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: #5*://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: #5*://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: #5www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327622908.000039B9F2803000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327622908.000039B9F2803000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2332265062.000001A95939D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A950241000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297168384.000001A95A7E7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2300603895.000001A95A472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304528805.000001A95674F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332265062.000001A9593C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2300603895.000001A95A472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304528805.000001A95674F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332265062.000001A9593C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2175733834.000001A950766000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346924041.000001A94F5D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332265062.000001A95939D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A950241000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297168384.000001A95A7E7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `|(https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `|(https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2300603895.000001A95A472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304528805.000001A95674F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332265062.000001A9593C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2300603895.000001A95A472000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2304528805.000001A95674F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332265062.000001A9593C8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB30303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D440C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB30303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D440C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB30303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D440C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2348231875.000001A95A7A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297277785.000001A95A7AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2175733834.000001A950766000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346924041.000001A94F5D1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A950241000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297168384.000001A95A7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2346872028.000001A94FA27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335848893.000001A94FFDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347746984.000001A94EA88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.2190668853.000001A94F92B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2190668853.000001A94F91E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2312686614.000001A950091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2190668853.000001A94F91E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2190668853.000001A94F91E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2190668853.000001A94F91E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2170507147.000001A956692000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126368906.000001A94E88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2306621055.000001A9562AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A9563D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2305271803.000001A9563D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2335848893.000001A94FFC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95617C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2184776828.000001A94FD8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2333577876.000001A957A51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346282791.000001A94FF44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2161026465.000001A9564F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000E.00000003.2296641278.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2326796939.000001A94A47D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 00000012.00000002.3337911270.00000146D4413000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2167299931.000001A94EDD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167537683.000001A94EDC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2165341239.000001A94EDD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2165341239.000001A94EDCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2317819990.000001A959FE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2348431316.000001A959FA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317819990.000001A959FA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2331600131.000001A959FA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2348431316.000001A959FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2348431316.000001A959FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000012.00000002.3337911270.00000146D4413000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB3032F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D4430000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 0000000E.00000003.2176441098.000001A94FB4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
    Source: firefox.exe, 0000000E.00000003.2168062845.000001A94E0E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159608401.000001A94E0D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160224426.000001A94E0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159251027.000001A94E0CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274970481.000001A94E0E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 0000000E.00000003.2168062845.000001A94E0E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159608401.000001A94E0D4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160224426.000001A94E0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159251027.000001A94E0CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274970481.000001A94E0E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 0000000E.00000003.2124884903.000001A94E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125399694.000001A94E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 0000000E.00000003.2327622908.000039B9F2803000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.14.dr | String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 0000000E.00000003.2297277785.000001A95A775000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 0000000E.00000003.2332265062.000001A95939D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/b0d58ad7-3671-43ed-b6d5-91559
    Source: firefox.exe, 0000000E.00000003.2316389541.000001A95A5BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317819990.000001A959F1D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/7755ad51-2370-4623-
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346924041.000001A94F5DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/ae04dde8-69a1-49f8-
    Source: firefox.exe, 0000000E.00000003.2297168384.000001A95A7E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2335380199.000001A95020E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2297277785.000001A95A7AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2299542645.000001A95A582000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/9670a20f-c1ca-4702-a7ea-ecbb
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A95020E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/135c0535-e1b8-4c5f
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A95020E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/de724eb3-54a4-4acc
    Source: firefox.exe, 00000012.00000002.3337911270.00000146D44F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submitg
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2304528805.000001A956786000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163379875.000001A9567A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340664189.000001A95678F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 0000000E.00000003.2175531851.000001A9507A9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2164163327.000001A9506D2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com
    Source: firefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 0000000E.00000003.2296641278.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2326796939.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.inbox.lv/compose?to=%sv
    Source: firefox.exe, 0000000E.00000003.2296641278.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2326796939.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14D72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB30386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D448F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 0000000E.00000003.2296641278.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2326796939.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2340664189.000001A95678F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 0000000E.00000003.2335380199.000001A95020E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2184776828.000001A94FD8C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2336545394.000001A94FF81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2346924041.000001A94F5D1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 0000000E.00000003.2346924041.000001A94F5D1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2164574552.000001A950627000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 00000012.00000002.3337911270.00000146D4413000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352858369.000001A958C72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44F6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2346493939.000001A94FA4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000E.00000003.2346872028.000001A94FA27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347746984.000001A94EA88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346493939.000001A94FA4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2175733834.000001A950766000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2317819990.000001A959F25000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2312045457.000001A9502E8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2296229453.000001A95AAB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2307985783.000001A9519E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316389541.000001A95A5B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95617C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95617C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2288305829.000001A950B6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A95618D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2347926538.000001A94DBD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000E.00000003.2306621055.000001A9562AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000E.00000003.2346924041.000001A94F59D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2306974854.000001A95618F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171267914.000001A956192000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306414384.000001A9562DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.2306621055.000001A9562AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
    Source: firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2341920467.000001A956115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2160855230.000001A95659B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159251027.000001A94E0CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2124884903.000001A94E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125399694.000001A94E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126368906.000001A94E88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2124884903.000001A94E600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185998000.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125399694.000001A94E838000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185421218.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184537969.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282095647.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258219886.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126368906.000001A94E88A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2185241009.000001A9500EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2346924041.000001A94F59D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2346924041.000001A94F59D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 0000000E.00000003.2175990130.000001A94FB7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2176153739.000001A94FB60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
    Source: firefox.exe, 0000000E.00000003.2167299931.000001A94EDD3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2167537683.000001A94EDC2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2165341239.000001A94EDD3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
    Source: firefox.exe, 0000000E.00000003.2312045457.000001A9502E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352511471.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
    Source: firefox.exe, 0000000E.00000003.2312045457.000001A9502E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352511471.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
    Source: firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D44F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2339684930.000001A95A25A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2351926243.000001A95A288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319541961.000001A94ECA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3338844237.0000021C14DC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/US
    Source: firefox.exe, 0000000E.00000003.2305271803.000001A956370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341540644.000001A95637C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2352511471.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306414384.000001A9562DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/Z
    Source: firefox.exe, 0000000E.00000003.2346924041.000001A94F59D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 0000000E.00000003.2327622908.000039B9F2803000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB30303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3337911270.00000146D440C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z
    Source: firefox.exe, 0000000E.00000003.2306414384.000001A9562DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 0000000E.00000003.2175990130.000001A94FB74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2311017396.000001A950ADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000011.00000002.3335400006.000001EB30140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.co
    Source: firefox.exe, 00000012.00000002.3341367495.00000146D45C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.coRw
    Source: firefox.exe, 0000000E.00000003.2175990130.000001A94FB74000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2195794434.000001A95A6F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2208680293.000001A95A693000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3336936573.0000021C14A60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3336936573.0000021C14A6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3341706927.0000021C14E74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3335400006.000001EB30144000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3334496824.000001EB2FFE0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3334496824.000001EB2FFEA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3336372219.00000146D411A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341367495.00000146D45C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000012.00000002.3336372219.00000146D4110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd%M1
    Source: firefox.exe, 0000000C.00000002.2111972422.0000025FA6870000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2117608690.00000256A1909000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000012.00000002.3336372219.00000146D411A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd1M14
    Source: firefox.exe, 00000010.00000002.3336936573.0000021C14A60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3341706927.0000021C14E74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3335400006.000001EB30144000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3334496824.000001EB2FFE0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3336372219.00000146D4110000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341367495.00000146D45C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.comZ
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49717 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49728 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49755 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49754 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49768 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49769 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49789 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49795 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49796 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49803 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49801 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49802 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49804 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49870 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49869 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00C5EAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00C5ED6A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00C5EAFF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00C4AA57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C79576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00C79576

    System Summary

    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_629413e0-c
    Source: file.exe, 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_529990ac-7
    Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_0f80d96b-a
    Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_e24a3e8e-8
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB30892377 NtQuerySystemInformation,17_2_000001EB30892377
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB308B3DF2 NtQuerySystemInformation,17_2_000001EB308B3DF2
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00C4D5EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C41201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00C41201
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00C4E8F6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C520460_2_00C52046
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE80600_2_00BE8060
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C482980_2_00C48298
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1E4FF0_2_00C1E4FF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1676B0_2_00C1676B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C748730_2_00C74873
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BECAF00_2_00BECAF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0CAA00_2_00C0CAA0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFCC390_2_00BFCC39
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C16DD90_2_00C16DD9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE91C00_2_00BE91C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFB1190_2_00BFB119
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C013940_2_00C01394
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C017060_2_00C01706
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0781B0_2_00C0781B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C019B00_2_00C019B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE79200_2_00BE7920
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF997D0_2_00BF997D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C07A4A0_2_00C07A4A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C07CA70_2_00C07CA7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C01C770_2_00C01C77
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C19EEE0_2_00C19EEE
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6BE440_2_00C6BE44
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C01F320_2_00C01F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB3089237717_2_000001EB30892377
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB308B3DF217_2_000001EB308B3DF2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB308B3E3217_2_000001EB308B3E32
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_000001EB308B451C17_2_000001EB308B451C
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00BFF9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00BE9CB3 appears 31 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00C00A30 appears 46 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@34/34@69/12
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C537B5 GetLastError,FormatMessageW,0_2_00C537B5
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C410BF AdjustTokenPrivileges,CloseHandle,0_2_00C410BF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C416C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00C416C3
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C551CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00C551CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00C4D4DC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00C5648E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00BE42A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6204:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3572:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5880:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2788:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2317819990.000001A959F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2317819990.000001A959F7B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2303410028.000001A959EAE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exeReversingLabs: Detection: 31%
    Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ee1dab7-f32b-4025-b591-a5b59c3dd1bf} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a93e66f310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -parentBuildID 20230927232528 -prefsHandle 4284 -prefMapHandle 1812 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de74356-ab29-421f-accc-57ed584a4147} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a94decfd10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3288 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c3e6a35-4447-4030-865b-29b5ac416484} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a950216310 utility
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ee1dab7-f32b-4025-b591-a5b59c3dd1bf} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a93e66f310 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -parentBuildID 20230927232528 -prefsHandle 4284 -prefMapHandle 1812 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de74356-ab29-421f-accc-57ed584a4147} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a94decfd10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3288 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c3e6a35-4447-4030-865b-29b5ac416484} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a950216310 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe (the same list was recorded for each of the five taskkill.exe instances) | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2256427424.000001A94E39F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2254494437.000001A94E399000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2256427424.000001A94E39F000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2254494437.000001A94E399000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00BE42DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C00A76 push ecx; ret 0_2_00C00A89
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BED014 push cs; ret 0_2_00BED01E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF1263 pushad ; ret 0_2_00BF1266
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF125F pushad ; ret 0_2_00BF1262
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF1253 pushad ; ret 0_2_00BF1256
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF124F pushad ; ret 0_2_00BF1252
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF124D pushad ; ret 0_2_00BF124E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BF1247 pushad ; ret 0_2_00BF124A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C356D8 push eax; ret 0_2_00C356DA
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C356E9 push esp; ret 0_2_00C356EA
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C357E1 push ebx; ret 0_2_00C357E2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C357E4 push esi; ret 0_2_00C357FE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C3178B push ss; ret 0_2_00C3179D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C31788 push ss; ret 0_2_00C31789
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35788 push eax; ret 0_2_00C3578A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35799 push esp; ret 0_2_00C3579A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C3179F push ss; ret 0_2_00C317A1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C317A3 push ss; ret 0_2_00C317A5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C317A8 push ss; ret 0_2_00C317A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C317AC push ss; ret 0_2_00C317AD
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C317B0 push ss; ret 0_2_00C317B1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C357B5 push ebx; ret 0_2_00C357B6
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35741 push esp; ret 0_2_00C35742
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C3575C push eax; ret 0_2_00C3575E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C3576D push esp; ret 0_2_00C3576E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35707 push eax; ret 0_2_00C35712
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35705 push ecx; ret 0_2_00C35706
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35730 push eax; ret 0_2_00C35732
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35801 push esi; ret 0_2_00C35802
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35805 push esi; ret 0_2_00C35806
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C35809 push esi; ret 0_2_00C3580A
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BFF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00BFF98E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C71C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00C71C41
    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX (recorded for each of the five taskkill.exe instances)

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001EB30892377 rdtsc 17_2_000001EB30892377
    Source: C:\Users\user\Desktop\file.exe | API coverage: 3.6 %
    Source: C:\Users\user\Desktop\file.exe TID: 1848 | Thread sleep count: 96 > 30
    Source: C:\Users\user\Desktop\file.exe TID: 1848 | Thread sleep count: 108 > 30
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed (recorded for each of the five conhost.exe instances)
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00C4DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C1C2A2 FindFirstFileExW,0_2_00C1C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C568EE FindFirstFileW,FindClose,0_2_00C568EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00C5698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00C4D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00C4D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C59642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00C59642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00C5979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C59B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00C59B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C55C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00C55C97
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00BE42DE
    Source: firefox.exe, 00000010.00000002.3336936573.0000021C14A6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp1
    Source: firefox.exe, 00000012.00000002.3336372219.00000146D411A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`)]
    Source: firefox.exe, 00000011.00000002.3342242513.000001EB30920000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
    Source: firefox.exe, 00000011.00000002.3334496824.000001EB2FFEA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWP
    Source: firefox.exe, 00000010.00000002.3336936573.0000021C14A6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW4
    Source: firefox.exe, 00000011.00000002.3342242513.000001EB30920000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341676827.00000146D45D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3342142056.0000021C14F12000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3342813379.0000021C15340000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj%%i
    Source: firefox.exe, 00000010.00000002.3336936573.0000021C14A6A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3342242513.000001EB30920000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Note: "Hyper-V RAW" is the display name of the Hyper-V socket (AF_HYPERV) Winsock provider implemented by mswsock.dll; the surrounding text is a Winsock catalog entry (provider GUID 1234191b-4bf7-4ca7-86e0-dfd7c32b5445), which is present in the default catalog of current Windows builds. These strings sit in firefox.exe memory because the browser enumerates the catalog; they are not a hypervisor check performed by file.exe. The rdtsc hits below likewise come from process 17, a firefox.exe content process, not from the sample.
    Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000001EB30892377 rdtsc 17_2_000001EB30892377
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5EAA2 BlockInput,0_2_00C5EAA2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C12622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C12622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00BE42DE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C04CE8 mov eax, dword ptr fs:[00000030h]0_2_00C04CE8
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C40B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00C40B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug (recorded for each of the five taskkill.exe instances)
    Note: taskkill.exe enables SeDebugPrivilege on its own token so that /F can terminate processes it does not own; this entry describes the Windows tool, not a privilege change made by file.exe. Similarly, the IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter chains below (0_2_00C12622, 0_2_00C0083F, 0_2_00C00C21) are the MSVC CRT's standard fast-fail and unhandled-exception path, which every MSVC-built binary carries; on their own they are not evidence of a dedicated anti-debugging check.
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C12622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C12622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C0083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C0083F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C009D5 SetUnhandledExceptionFilter,0_2_00C009D5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C00C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C00C21
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C41201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00C41201
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C22BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00C22BA5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C4B226 SendInput,keybd_event,0_2_00C4B226
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C622DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00C622DA
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
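    The five taskkill lines above are the most detection-worthy behaviour in this report: one parent force-terminates every mainstream browser in quick succession, which is the Credential Flusher pattern of closing the victim's browsers before re-launching one under the attacker's control. The following Python is an added detection example written for this page; it is not part of the Joe Sandbox report and not code from the sample. It assumes process-creation telemetry in a Sysmon Event ID 1-like shape with the field names time, parent, parent_pid, image and cmdline (an assumption; rename to match your pipeline), and it uses constructed events built from the command lines shown above plus two benign taskkill uses that must not fire.

```python
"""Detection example (added by the editor, not part of the Joe Sandbox report
or the sample): flag a parent process that force-kills several different
browsers inside a short window, as file.exe does above with
'taskkill /F /IM <browser> /T' five times in a row.

Event shape (assumed, Sysmon Event ID 1-like): dicts with the keys
time (ISO 8601), parent, parent_pid, image, cmdline.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Browser image names to watch. The first five are the ones the sample
# targets; the remaining three extend the list to other common browsers
# (an assumption, not taken from the report).
BROWSERS = {
    "firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe",
    "iexplore.exe", "vivaldi.exe", "chromium.exe",
}

# 'taskkill ...' or '"C:\...\taskkill.exe" ...' at the start of the command
# line; everything after the program name is the argument string.
_TASKKILL_RE = re.compile(
    r'^\s*"?(?:[A-Za-z]:\\[^"]*\\)?taskkill(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
_IM_RE = re.compile(r'(?:^|\s)/IM\s+"?(?P<image>[^\s"]+)"?', re.I)
_FORCE_RE = re.compile(r'(?:^|\s)/F(?:\s|$)', re.I)


def browser_killed(cmdline: str, require_force: bool = True) -> str | None:
    """Return the browser image a taskkill command line targets, else None.

    Only the /IM form is matched: 'taskkill /PID n' cannot be attributed to a
    browser from the command line alone. With require_force=True the /F flag
    must be present, matching the sample's 'taskkill /F /IM x /T' form.
    """
    m = _TASKKILL_RE.match(cmdline)
    if not m:
        return None
    args = m.group("args")
    if require_force and not _FORCE_RE.search(args):
        return None
    im = _IM_RE.search(args)
    if not im:
        return None
    image = im.group("image").lower()
    return image if image in BROWSERS else None


def find_browser_kill_chains(events, min_browsers=3, window=timedelta(seconds=60)):
    """Group browser-kill events by parent process and report every parent
    that kills at least `min_browsers` distinct browsers inside `window`.

    One alert per (parent, parent_pid): the browsers killed plus the first and
    last kill time of the window that fired.
    """
    by_parent = defaultdict(list)
    for ev in events:
        browser = browser_killed(ev["cmdline"])
        if browser is None:
            continue
        by_parent[(ev["parent"], ev["parent_pid"])].append(
            (datetime.fromisoformat(ev["time"]), browser))

    alerts = []
    for (parent, pid), kills in by_parent.items():
        kills.sort()
        for i, (t0, _) in enumerate(kills):
            in_window = [(t, b) for t, b in kills[i:] if t - t0 <= window]
            seen = {b for _, b in in_window}
            if len(seen) >= min_browsers:
                alerts.append({
                    "parent": parent,
                    "parent_pid": pid,
                    "browsers": sorted(seen),
                    "first": in_window[0][0].isoformat(),
                    "last": in_window[-1][0].isoformat(),
                })
                break  # one alert per parent is enough
    return alerts


# Constructed sample telemetry: the five command lines from the report under
# file.exe (PID 4320, as in the Yara match), one second apart, plus two benign
# taskkill uses that must not fire.
CONSTRUCTED_EVENTS = [
    {"time": f"2024-11-21T10:00:0{i}", "parent": r"C:\Users\user\Desktop\file.exe",
     "parent_pid": 4320, "image": r"C:\Windows\SysWOW64\taskkill.exe",
     "cmdline": f"taskkill /F /IM {b} /T"}
    for i, b in enumerate(["firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"])
] + [
    # an admin killing a hung editor: not a browser
    {"time": "2024-11-21T10:05:00", "parent": r"C:\Windows\explorer.exe",
     "parent_pid": 1234, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM notepad.exe"},
    # an installer closing a single browser once: below the threshold
    {"time": "2024-11-21T10:06:00", "parent": r"C:\Temp\setup.exe",
     "parent_pid": 5678, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": 'taskkill /F /IM "chrome.exe"'},
]

if __name__ == "__main__":
    for alert in find_browser_kill_chains(CONSTRUCTED_EVENTS):
        print(alert)
```

    The threshold of three distinct browsers within a minute keeps single-browser kills by installers and support scripts out of the alert stream while still catching the pattern above after the third taskkill; the /F requirement can be dropped (require_force=False) if a campaign is seen using plain 'taskkill /IM'. The /PID form is deliberately not matched, since attributing it to a browser needs a process-table lookup that a command-line rule does not have.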
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C40B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00C40B62
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C41663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00C41663
    Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe | Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C00698 cpuid 0_2_00C00698
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C58195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00C58195
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C3D27A GetUserNameW,0_2_00C3D27A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C1B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00C1B952
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00BE42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00BE42DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: file.exe PID: 4320, type: MEMORYSTR
    Source: file.exe | Binary or memory string: WIN_81
    Source: file.exe | Binary or memory string: WIN_XP
    Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe | Binary or memory string: WIN_XPe
    Source: file.exe | Binary or memory string: WIN_VISTA
    Source: file.exe | Binary or memory string: WIN_7
    Source: file.exe | Binary or memory string: WIN_8
    Note: the WIN_* tokens are the value table behind the AutoIt @OSVersion macro, and the long string also carries AutoIt's registry-hive, GUI-control and PCRE option constants. They belong to the interpreter embedded in every compiled AutoIt binary, so they corroborate the "compiled AutoIt script" signature rather than indicating sample-specific OS fingerprinting.

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: file.exe PID: 4320, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C61204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00C61204
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C61806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00C61806
    Note: the socket/bind/listen and socket/bind chains are the AutoIt runtime's built-in TCPListen and UDPBind support, which is present in every compiled AutoIt binary; the listing shows the capability exists in the executable, not that the embedded script calls it, and no listening port was recorded in this run.
    MITRE ATT&CK Matrix (a number in front of a technique is the count of report signatures mapped to it; techniques without a number are the unmatched cells of the standard matrix grid):

    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    | Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
    | Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
    | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
    Behavior Graph (ID: 1560173, Sample: file.exe, Start date: 21/11/2024, Architecture: WINDOWS, Score: 72), reconstructed as a process tree from the graph export. Numbers after a process name are the graph's per-process counters for created registry values and created files; "N other ..." entries are collapsed in the graph itself.

    Start
      Signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures
      Network: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
      file.exe (started)
        Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        taskkill.exe 1 (started) -> conhost.exe (started)
        taskkill.exe 1 (started) -> conhost.exe (started)
        taskkill.exe 1 (started) -> conhost.exe (started)
        3 other processes -> conhost.exe (started); conhost.exe (started)
      firefox.exe 1 (started)
        firefox.exe 3 224 (started)
          Network: youtube.com 142.250.185.206, 443, 49711, 49713 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49714, 49721, 49722 GOOGLEUS United States; 10 other IPs or domains
          Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
          firefox.exe 1 (started)
          firefox.exe 1 (started)
          firefox.exe 1 (started)

Antivirus detection, submitted file:

Source   | Detection | Scanner        | Label
file.exe | 32%       | ReversingLabs  | Win32.Trojan.AutoitInject
file.exe | 100%      | Joe Sandbox ML |

Antivirus detection, dropped files:

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |

No Antivirus matches in the remaining three categories.

Both dropped files are written by firefox.exe into the profile's gmp-gmpopenh264 directory; gmpopenh264.dll is the OpenH264 media plugin that Firefox downloads on its own, which is consistent with the 0% detection. They are not artifacts of file.exe.
Resolved domains (the Antivirus Detection column is empty for every row):

Name | IP | Active | Malicious | Reputation
example.org | 93.184.215.14 | true | false | high
star-mini.c10r.facebook.com | 157.240.253.35 | true | false | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | high
twitter.com | 104.244.42.129 | true | false | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | high
services.addons.mozilla.org | 151.101.1.91 | true | false | high
dyna.wikimedia.org | 185.15.59.224 | true | false | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | high
contile.services.mozilla.com | 34.117.188.166 | true | false | high
youtube.com | 142.250.185.206 | true | false | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | high
youtube-ui.l.google.com | 142.250.186.142 | true | false | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | high
reddit.map.fastly.net | 151.101.193.140 | true | false | high
ipv4only.arpa | 192.0.0.170 | true | false | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | high
push.services.mozilla.com | 34.107.243.93 | true | false | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | high
www.reddit.com | unknown | unknown | false | high
spocs.getpocket.com | unknown | unknown | false | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | high
support.mozilla.org | unknown | unknown | false | high
firefox.settings.services.mozilla.com | unknown | unknown | false | high
www.youtube.com | unknown | unknown | false | high
www.facebook.com | unknown | unknown | false | high
detectportal.firefox.com | unknown | unknown | false | high
normandy.cdn.mozilla.net | unknown | unknown | false | high
shavar.services.mozilla.com | unknown | unknown | false | high
www.wikipedia.org | unknown | unknown | false | high

Every entry is a Mozilla service endpoint, a Firefox default-content host or a site browsed from the firefox.exe tree; nothing is flagged malicious, and the behavior graph attributes network activity only to the firefox.exe processes. The sample-specific evidence on this page is the AutoIt detection and the taskkill.exe children of file.exe, not this list.
URLs and strings found in memory dumps and written files (the Antivirus Detection column is empty, Malicious is false and Reputation is high for every row, so those columns are not repeated). Memory-dump sources are written as "process, dump-id.sdmp"; written-file sources end in ".dr". Seventeen rows cite the same three dumps, listed once here as source set A:

Source set A = firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp; firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp; firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmp

Name | Source
https://youtube.comZ | firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | A
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmp
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | A
https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.2335848893.000001A94FFC9000.00000004.00000800.00020000.00000000.sdmp
http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp; prefs-1.js.14.dr
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000010.00000002.3338844237.0000021C14D72000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000011.00000002.3337595092.000001EB30386000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3337911270.00000146D448F000.00000004.00000800.00020000.00000000.sdmp
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | A
https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp
https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp
https://screenshots.firefox.com | firefox.exe, 0000000E.00000003.2347926538.000001A94DBB0000.00000004.00000800.00020000.00000000.sdmp
https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.2170507147.000001A956692000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2126368906.000001A94E88A000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmp
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | A
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.2346872028.000001A94FA27000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2347746984.000001A94EA88000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2346493939.000001A94FA4E000.00000004.00000800.00020000.00000000.sdmp
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | A
https://monitor.firefox.com/breach-details/ | A
https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmp
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | A
https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmp
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmp
https://www.msn.com | firefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmp
https://github.com/mozilla-services/screenshots | firefox.exe, 0000000E.00000003.2124884903.000001A94E600000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2125399694.000001A94E838000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2126224615.000001A94E86F000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2125063327.000001A94E81D000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2126108427.000001A94E853000.00000004.00000800.00020000.00000000.sdmp
https://services.addons.mozilla.org/api/v4/addons/addon/ | A
https://tracking-protection-issues.herokuapp.com/new | A
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | A
https://youtube.com/ | firefox.exe, 0000000E.00000003.2311017396.000001A950ADF000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2341920467.000001A95618F000.00000004.00000800.00020000.00000000.sdmp
https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmp
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing | firefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | A
https://api.accounts.firefox.com/v1 | A
https://www.amazon.com/ | firefox.exe, 0000000E.00000003.2306621055.000001A9562AD000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | A
https://fpn.firefox.com | firefox.exe, 0000000E.00000003.2347926538.000001A94DBD8000.00000004.00000800.00020000.00000000.sdmp
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc | firefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmp
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | A
http://mozilla.org/0S | firefox.exe, 0000000E.00000003.2327748751.000029BB87704000.00000004.00000800.00020000.00000000.sdmp
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s | firefox.exe, 0000000E.00000003.2296641278.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2326796939.000001A94A47D000.00000004.00000800.00020000.00000000.sdmp
https://www.youtube.com/ | firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000011.00000002.3337595092.000001EB30303000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3337911270.00000146D440C000.00000004.00000800.00020000.00000000.sdmp
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2190668853.000001A94F91E000.00000004.00000800.00020000.00000000.sdmp
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | A
https://MD8.mozilla.org/1/m | firefox.exe, 0000000E.00000003.2346493939.000001A94FA4A000.00000004.00000800.00020000.00000000.sdmp
https://www.bbc.co.uk/ | firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmp
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang= | firefox.exe, 00000011.00000002.3337595092.000001EB303C7000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3337911270.00000146D44C4000.00000004.00000800.00020000.00000000.sdmp
http://127.0.0.1: | A
https://bugzilla.mozilla.org/show_bug.cgi?id=1266220 | firefox.exe, 0000000E.00000003.2192240991.000001A94F965000.00000004.00000800.00020000.00000000.sdmp
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152 | firefox.exe, 0000000E.00000003.2184776828.000001A94FD8C000.00000004.00000800.00020000.00000000.sdmp
https://bugzilla.mo | firefox.exe, 0000000E.00000003.2332265062.000001A95939D000.00000004.00000800.00020000.00000000.sdmp
https://mitmdetection.services.mozilla.com/ | A
https://amazon.com | firefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmp
https://static.adsafeprotected.com/firefox-etp-js | firefox.exe, 0000000E.00000003.2346493939.000001A94FA4E000.00000004.00000800.00020000.00000000.sdmp
https://youtube.com/account?= | recovery.jsonlz4.tmp.14.dr
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL | firefox.exe, 0000000E.00000003.2332052054.000001A959EF9000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                                            https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3338844237.0000021C14DE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3337595092.000001EB303EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3341832685.00000146D4704000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://spocs.getpocket.com/firefox.exe, 00000012.00000002.3337911270.00000146D4413000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340883538.000001A956675000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000011.00000002.3335400006.000001EB30140000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.2327358662.0000287C60F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2327499579.00000F1A5D103000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2306834318.000001A956282000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2175990130.000001A94FB80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://developer.mozilla.org/en/docs/DOM:element.addEventListenerUseOfReleaseEventsWarningUsefirefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A956182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2171549400.000001A9519BF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2295171799.000001A94F888000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2186174915.000001A94FD97000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2347926538.000001A94DBD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2311344258.000001A9508D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2188291216.000001A94F8C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2160224426.000001A94E0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171549400.000001A9519B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2312686614.000001A950091000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2319006228.000001A94F8A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2159251027.000001A94E0CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323260233.000001A94E08B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2171549400.000001A951981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2140366669.000001A94ECE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2186174915.000001A94FD95000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249454829.000001A94ECDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275346977.000001A94E07F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2337693877.000001A94E866000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2308208371.000001A9519B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2174233361.000001A9508D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271405463.000001A950118000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.2309003551.000001A951919000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://www.zhihu.com/firefox.exe, 0000000E.00000003.2306414384.000001A9562DD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    http://x1.c.lencr.org/0firefox.exe, 0000000E.00000003.2305671816.000001A956339000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://x1.i.lencr.org/0firefox.exe, 0000000E.00000003.2305671816.000001A956339000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://a9.com/-/spec/opensearch/1.1/firefox.exe, 0000000E.00000003.2175990130.000001A94FB80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 0000000E.00000003.2306974854.000001A95617C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2341920467.000001A95617C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              https://json-schema.org/draft/2019-09/schemafirefox.exe, 0000000E.00000003.2304528805.000001A956786000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2163379875.000001A9567A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2340664189.000001A95678F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2169787623.000001A9567AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000E.00000003.2175881013.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2164723421.000001A94FBDA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000E.00000003.2171015596.000001A95664E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                    https://profiler.firefox.comfirefox.exe, 00000010.00000002.3338261653.0000021C14BB0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3336851566.000001EB301B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3337265570.00000146D4240000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                      https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000E.00000003.2347926538.000001A94DBC2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        high
Map legend (share of contacted IPs per country): less than 25%; 25% to 50%; 50% to 75%; more than 75%

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.206 | youtube.com | United States | 15169 | GOOGLE, US | false |
| 151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLY, US | false |
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-AS, US | false |
| 34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLE, US | false |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLE, US | false |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLE, US | false |
| 34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-AP Google Asia Pacific Pte Ltd, SG | false |
| 35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLE, US | false |
| 35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLE, US | false |
| 34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-AS, US | false |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLE, US | false |

IP: 127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560173
Start date and time: 2024-11-21 14:00:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/34@69/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 312
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 35.164.125.63, 35.80.238.59, 52.12.64.98, 172.217.16.202, 216.58.206.74, 142.250.185.110, 2.18.121.73, 2.18.121.79, 2.22.61.59, 2.22.61.56, 142.250.74.206
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code
• Report size getting too big: too many NtCreateFile calls found
• Report size getting too big: too many NtOpenFile calls found
• VT rate limit hit for: file.exe
| Time | Type | Description |
|---|---|---|
| 08:01:16 | API Interceptor | 1x Sleep call for process firefox.exe modified |
Match          | Associated Sample Name / URL | SHA 256  | Detection | Threat Name                                                                 | Link   | Context
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.117.188.166 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
151.101.1.91   | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
34.149.100.209 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse |
Match                       | Associated Sample Name / URL | SHA 256  | Detection | Threat Name                                                                 | Link   | Context
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
example.org                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 93.184.215.14
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.1.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.1.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 151.101.129.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.1.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.1.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.1.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.65.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.65.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.193.91
services.addons.mozilla.org | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 151.101.129.91
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.1
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.1
twitter.com                 | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 104.244.42.193
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.129
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.129
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.193
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.129
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.129
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.65
twitter.com                 | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 104.244.42.1
star-mini.c10r.facebook.com | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 157.240.253.35
star-mini.c10r.facebook.com | file.exe                     | Get hash | malicious | Credential Flusher                                                          | Browse | 157.240.252.35
star-mini.c10r.facebook.com | file.exe                     | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | 157.240.0.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.252.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.252.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.251.35
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 157.240.253.35
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLYUS | https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe | malicious | Unknown | 185.199.110.133
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | estimate Cost.pdf | malicious | Unknown | 151.101.2.137
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 151.101.129.91
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | https://url.uk.m.mimecastprotect.com/s/1u4eCqxlyukZk7ltZfxHE-ELz?domain=andy-25.simvoly.com | malicious | HTMLPhisher | 151.101.194.137
 | file.exe | malicious | Credential Flusher | 151.101.1.91
 | file.exe | malicious | Credential Flusher | 151.101.65.91
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.116.198.130
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.116.198.130
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 34.160.144.191
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | anéxo69338961197-0978.381.exe | malicious | Unknown | 34.56.54.234
 | file.exe | malicious | Credential Flusher | 34.160.144.191
 | anéxo69338961197-0978.381.exe | malicious | Unknown | 34.56.54.234
 | anéxo6896294663.32903578.exe | malicious | Unknown | 34.56.54.234
 | anéxo3649-04519-11...13-6.exe | malicious | Unknown | 34.56.54.234
 | anéxo6896294663.32903578.exe | malicious | Unknown | 34.56.54.234
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
 | file.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                      • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                      • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                      • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                      • 151.101.1.91
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context

Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse

Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
file.exe | Get hash | malicious | Credential Flusher | Browse
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):7813
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.17366994355411
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
SSDEEP:192:1MKMXRNGcbhbVbTbfbRbObtbyEl7n0rgJA6wnSrDtTkd/S8:SP+cNhnzFSJUrTjnSrDhkd/F
MD5:8423D1422A07157996807A6D5B6B7BD5
SHA1:BD9538924774EA567402DB464096A646217F282F
SHA-256:A9CC5C1FF36244748FB6F41673CA6C15AE99DD9B3B7E9E32781E68B928519887
SHA-512:E32E0C295613067ADEC24AF547763E2D3E3CE6FC60DBD61BFADFB0406E794F7A9891981FF60678053AB17F6162EBE42D215DD9A53FADD819D24003A566D1055F
Malicious:false
Preview:{"type":"uninstall","id":"0de9d24c-8ea2-4a51-a453-93613bb92202","creationDate":"2024-11-21T14:30:45.089Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.921696193718552
Encrypted:false
SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNu9Ixeln:8S+OVPUFRbOdwNIOdYpjvY1Q6Lhe8P
MD5:2638E68DB461331A3D055A9505A21406
SHA1:27C66A0721033571BBCDE29CA9349E09B9F91317
SHA-256:08E33AF6365EEC2B2E61BF9CEE595C26080AFD773A9C2842796ACA82C2604A68
SHA-512:32C2806A5CFC55FE96060F715EA90585DC6530D6C840EA5B797CA01F2BD76BE3C40F018141A15849F1C92BB32656DF983A773E84F0EE07DE63A296337A568E11
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):5312
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.615424734763731
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                                                                                                                                                                                                                                                                                                                                                              MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                                                                                                                                                                                                                                                                                                                                                              SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                              MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1867463390487
Encrypted:false
SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
MD5:98875950B62B398FFE70C0A8D0998017
SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.0732815395727195
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
MD5:6B7D7FEAAD18850496D91C98ED002C34
SHA1:09449E12DAB1260DAC3AA2C43E0B64B317D46260
SHA-256:735083D7956F33BE56D4909977510F28DA094E42B0420246E87754F32D113D80
SHA-512:56B6EC8D1590C3E9D4F1EE74BBED28BF78B205C6EE7759C56CB07C757DE12B5CA095DDBE0B65F72EE0C6FDD62F371698836F802C2D4ED8CE5DD383514C162EB8
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035203016381298996
Encrypted:false
SSDEEP:3:GtlstFXqbygSl1lstFXqbygttT89//alEl:GtWt8mgSPWt8mg789XuM
MD5:908357E235C9F89A27EFDFC414F0CE55
SHA1:B05311410D61A374CD21FFF20EA48CCFA0FCEC7B
SHA-256:D5E95F4A27EB3D207EBD38CD7FC65B6DF92F2E24F6D3E18BB56B56CD1DA48B62
SHA-512:19FE2FD4EF8DA37028165F4366DE945D9A7926A08867EF0CE3CEFF55110CA000938241E953CCFC4F1A6B32F0F4584859A66B6BEBBBB6A246DC1350176147D6FB
Malicious:false
Preview:..-......................X.9>....D<}e.k...&.......-......................X.9>....D<}e.k...&.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.03977737134837929
Encrypted:false
SSDEEP:3:Ol1ltBQ2ptIVks+HX7l8rEXsxdwhml8XW3R2:Krfourl8dMhm93w
MD5:C21D9AD61F2626AF1AFE4A974ADBD159
SHA1:9B6934A20CC26FC117046825E2DA00551853F468
SHA-256:407B048B92DF5072FC1FCCDD77D49AD36E3397D2CC148DCEE0D53FA93CC94D30
SHA-512:649E5CF3BC5B09229A19EDFD182A6AC836ED6A75461E24296B199DA6319DABCF26E5B1A93845499175A67CD8A5BB44E97A563E823852C36D2F283727A86D84AE
Malicious:false
Preview:7....-...........D<}e.k.S.G.%............D<}e.k.9.X....>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1743), with CRLF line terminators
Category:dropped
Size (bytes):13187
Entropy (8bit):5.4760099411181455
Encrypted:false
SSDEEP:192:pnPOeRnLYbBp6UJ0aX+h6SEXK/VNBh5RHWNBw8dlSl:NDexJUYefbHEwW0
MD5:298055BCD84D49C32911C392E596B072
SHA1:374659EE25FE5A43A63EC30D9D1B9F0BFA7AFDAC
SHA-256:D834C92A3C9A2A75E60033E17E19E4770B8EEBD9C8291EA9CEC4C06878EB0B1D
SHA-512:5C34F26C01E2E42D6576C3EB6867F580B73D169E1548438138B6530E4BCE1482BA164224910C29E77B14D719233ADCAA98ABE9793BF9D2E5B52B3FACE570574B
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732199415);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732199415);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732199415);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173219

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1743), with CRLF line terminators
Category:dropped
Size (bytes):13187
Entropy (8bit):5.4760099411181455
Encrypted:false
SSDEEP:192:pnPOeRnLYbBp6UJ0aX+h6SEXK/VNBh5RHWNBw8dlSl:NDexJUYefbHEwW0
MD5:298055BCD84D49C32911C392E596B072
SHA1:374659EE25FE5A43A63EC30D9D1B9F0BFA7AFDAC
SHA-256:D834C92A3C9A2A75E60033E17E19E4770B8EEBD9C8291EA9CEC4C06878EB0B1D
SHA-512:5C34F26C01E2E42D6576C3EB6867F580B73D169E1548438138B6530E4BCE1482BA164224910C29E77B14D719233ADCAA98ABE9793BF9D2E5B52B3FACE570574B
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732199415);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732199415);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732199415);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173219

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                              MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                              SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.340866260889484
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSM4qOLXnIrSP/pnxQwRcIB5sKmgbG0a3eHVpjO+OamhujJwO2c0Tif:GUpOxpLOdnRc4egyb3erjxO4Jwc3zBtb
                                                                                                                                                                                                                                                                                                                                                                              MD5:7FDA077AEE6D402E630EEBCE84C3F08F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:FA514C99F3CF1FAF23FF9C2C8A1E547FB6964B2C
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:820BAB4E5EF6F8E47C6BAD91B1BB47D77162D50AD765C9D61001377CBBA54B93
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:409D2F46F6C4985E26CC7E61A516069160FCBB5B63F039D692C92731A54775AE3F7FF18699075100283B204B589A94CA2690C94E2FBEB01B076F45CC92DB97FF
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{67115e58-9e03-4e02-880a-6f98051ca6e5}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1732199421891,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":...screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..`385017...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..eexpiry....391031,"originA...."fir
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.340866260889484
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:v+USUGlcAxSM4qOLXnIrSP/pnxQwRcIB5sKmgbG0a3eHVpjO+OamhujJwO2c0Tif:GUpOxpLOdnRc4egyb3erjxO4Jwc3zBtb
                                                                                                                                                                                                                                                                                                                                                                              MD5:7FDA077AEE6D402E630EEBCE84C3F08F
                                                                                                                                                                                                                                                                                                                                                                              SHA1:FA514C99F3CF1FAF23FF9C2C8A1E547FB6964B2C
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:820BAB4E5EF6F8E47C6BAD91B1BB47D77162D50AD765C9D61001377CBBA54B93
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:409D2F46F6C4985E26CC7E61A516069160FCBB5B63F039D692C92731A54775AE3F7FF18699075100283B204B589A94CA2690C94E2FBEB01B076F45CC92DB97FF
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{67115e58-9e03-4e02-880a-6f98051ca6e5}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1732199421891,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":...screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..`385017...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..eexpiry....391031,"originA...."fir
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):1562
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.340866260889484
Encrypted:false
SSDEEP:24:v+USUGlcAxSM4qOLXnIrSP/pnxQwRcIB5sKmgbG0a3eHVpjO+OamhujJwO2c0Tif:GUpOxpLOdnRc4egyb3erjxO4Jwc3zBtb
MD5:7FDA077AEE6D402E630EEBCE84C3F08F
SHA1:FA514C99F3CF1FAF23FF9C2C8A1E547FB6964B2C
SHA-256:820BAB4E5EF6F8E47C6BAD91B1BB47D77162D50AD765C9D61001377CBBA54B93
SHA-512:409D2F46F6C4985E26CC7E61A516069160FCBB5B63F039D692C92731A54775AE3F7FF18699075100283B204B589A94CA2690C94E2FBEB01B076F45CC92DB97FF
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{67115e58-9e03-4e02-880a-6f98051ca6e5}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1732199421891,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":...screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..`385017...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..eexpiry....391031,"originA...."fir
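The `mozLz40` preview above is a Firefox session-store container: an 8-byte magic, a 32-bit little-endian decompressed size, then one LZ4 block holding the session JSON (the dropped file's path is not shown in this excerpt). The tab entry visible in the preview points at an account sign-in challenge page, which is the kind of detail worth recovering in full when a sample is tagged as a credential flusher. The following is an added example, not code from the Joe Sandbox report or from the sample: it decodes the container with a stdlib-only LZ4 block decoder and lists the URLs of the tabs Firefox would restore. The session-store bytes it runs on are constructed inline (an assumed `accounts.example.invalid` sign-in URL), not the dropped file.

```python
"""Decode a Firefox mozLz40 session-store file and list the tab URLs it
would restore, using a pure-Python LZ4 block decoder (no lz4 module).
Added example, not part of the report; the session bytes are constructed."""
import json
import struct

# 8-byte magic, then LE32 decompressed size, then a single LZ4 block.
MOZLZ4_MAGIC = b"mozLz40\0"


def _read_length_ext(src, i, base):
    """LZ4 length extension: keep adding bytes until one is below 255."""
    while True:
        b = src[i]
        i += 1
        base += b
        if b != 255:
            return base, i


def lz4_block_decompress(src, expected_size):
    """Decode one LZ4 block: sequences of token, literals, offset, match."""
    dst = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4
        if lit_len == 15:
            lit_len, i = _read_length_ext(src, i, lit_len)
        dst += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break                       # the final sequence carries literals only
        offset = struct.unpack_from("<H", src, i)[0]
        i += 2
        if offset == 0 or offset > len(dst):
            raise ValueError("corrupt LZ4 block: match offset %d" % offset)
        match_len = (token & 0x0F) + 4  # minimum match length is 4
        if (token & 0x0F) == 15:
            match_len, i = _read_length_ext(src, i, match_len)
        start = len(dst) - offset
        for k in range(match_len):      # byte-wise so overlapping matches replicate
            dst.append(dst[start + k])
    if len(dst) != expected_size:
        raise ValueError("size mismatch: header says %d, got %d" % (expected_size, len(dst)))
    return bytes(dst)


def decode_mozlz4(data):
    """Strip the mozLz40 header and return the decompressed JSON bytes."""
    if not data.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz40 file")
    size = struct.unpack_from("<I", data, len(MOZLZ4_MAGIC))[0]
    return lz4_block_decompress(data[len(MOZLZ4_MAGIC) + 4:], size)


def session_urls(data):
    """URLs of every history entry of every tab in every window."""
    session = json.loads(decode_mozlz4(data).decode("utf-8"))
    return [entry["url"]
            for window in session.get("windows", [])
            for tab in window.get("tabs", [])
            for entry in tab.get("entries", [])]


def _length_ext(rest):
    """Encode an LZ4 length extension (255s followed by a terminating byte)."""
    out = bytearray()
    while rest >= 255:
        out.append(255)
        rest -= 255
    out.append(rest)
    return bytes(out)


def _lz4_sequence(literals, offset=None, match_len=0):
    """Hand-encode one LZ4 sequence; only used to build the constructed sample."""
    out = bytearray()
    lit_nib = min(len(literals), 15)
    mat_nib = min(match_len - 4, 15) if offset is not None else 0
    out.append((lit_nib << 4) | mat_nib)
    if lit_nib == 15:
        out += _length_ext(len(literals) - 15)
    out += literals
    if offset is not None:
        out += struct.pack("<H", offset)
        if mat_nib == 15:
            out += _length_ext(match_len - 4 - 15)
    return bytes(out)


def build_sample_session():
    """Constructed mozLz40 file (assumed URL, not the dropped file): one tab whose
    two history entries repeat the same sign-in URL, so the second entry is
    emitted as an LZ4 back-reference rather than as literals."""
    entry = b'{"url":"https://accounts.example.invalid/signin"}'
    prefix = b'{"windows":[{"tabs":[{"entries":['
    suffix = b']}]}]}'
    plain = prefix + entry + b"," + entry + suffix
    block = (_lz4_sequence(prefix + entry + b",", offset=len(entry) + 1, match_len=len(entry))
             + _lz4_sequence(suffix))
    return MOZLZ4_MAGIC + struct.pack("<I", len(plain)) + block


if __name__ == "__main__":
    print(session_urls(build_sample_session()))
```

On a real profile the same `session_urls()` call works on `sessionstore-backups/recovery.jsonlz4` or `previous.jsonlz4` read in binary mode; the size check at the end of the block is what catches a truncated or partially overwritten file rather than silently returning a short JSON document.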
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.028824277113676
Encrypted:false
SSDEEP:96:yc/MTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:yTEr5NX0z3DhRe
MD5:B0393F5640B2A68362F304E20A3E137D
SHA1:7BB36BFB345D30582FA68620C9E42B21FE1672FA
SHA-256:1F8F11F90F4F105113EA31825B2F3B6EEC38B14607B86498C3ECBF82D272BB34
SHA-512:8B30A1609CBE36D72D447A2F20AD33929CC5459D076D5D41C2B2CFC7950E9BE865EFAE266DBCE728438AAD95155320713FC6BDEFD887F1A17D73E56063A714F7
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-21T14:30:04.315Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.028824277113676
Encrypted:false
SSDEEP:96:yc/MTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:yTEr5NX0z3DhRe
MD5:B0393F5640B2A68362F304E20A3E137D
SHA1:7BB36BFB345D30582FA68620C9E42B21FE1672FA
SHA-256:1F8F11F90F4F105113EA31825B2F3B6EEC38B14607B86498C3ECBF82D272BB34
SHA-512:8B30A1609CBE36D72D447A2F20AD33929CC5459D076D5D41C2B2CFC7950E9BE865EFAE266DBCE728438AAD95155320713FC6BDEFD887F1A17D73E56063A714F7
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-21T14:30:04.315Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.592818845672303
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:file.exe
File size:922'624 bytes
MD5:ec1c70253b8b244e9a71d54d6b7a917c
SHA1:2a4e57c4c91e7d050205ce1cd845d5e8b7b3c197
SHA256:75c02ef78aac8f7fb0fc0bca6825df1045e57445d6aeb373f4ad010c22922cce
SHA512:0b3a8b8b0b89491f00b3bd9e5a5c086783678780c9e422d5b84d0dec11c7b79c8931d75419579472f86aec35a3156a5ea3219ec2371b1a9b5073a03c9bea8416
SSDEEP:12288:LqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgahTbKW:LqDEvCTbMWu7rQYlBQcBiT6rprG8a1N
TLSH:E7159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x673F2E81 [Thu Nov 21 12:58:41 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                              Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007FE268EC8213h
jmp 00007FE268EC7B1Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FE268EC7CFDh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007FE268EC7CCAh
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FE268ECA8BDh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007FE268ECA908h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007FE268ECA8F1h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Data directories (an entry of 0x0 / 0x0 means the directory is absent):

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xc8e64          0x17c         .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xd4000          0xa954        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xdf000          0x7594        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xb0ff0          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0xc3400          0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xb1010          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x9c000          0x894         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Sections:

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type                                    Entropy             Characteristics
.text   0x1000           0x9ab1d       0x9ac00   0a1473f3064dcbc32ef93c5c8a90f3a6  False     0.565500681542811    data                                         6.668273581389308   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x9c000          0x2fb82       0x2fc00   c9cf2468b60bf4f80f136ed54b3989fb  False     0.35289185209424084  data                                         5.691811547483722   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xcc000          0x706c        0x4800    53b9025d545d65e23295e30afdbd16d9  False     0.04356553819444445  DOS executable (block device driver @\273\)  0.5846666986982398  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0xd4000          0xa954        0xaa00    de127694570c2963747aecb5132aa112  False     0.3748621323529412   data                                         5.655016733048107   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xdf000          0x7594        0x7600    c68ee8931a32d45eb82dc450ee40efc3  False     0.7628111758474576   data                                         6.7972128181359786  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources:

Name           RVA      Size    Type                                                                                Language  Country        ZLIB Complexity
RT_ICON        0xd45a8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                      English   Great Britain  0.7466216216216216
RT_ICON        0xd46d0  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors English   Great Britain  0.3277027027027027
RT_ICON        0xd47f8  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 192                      English   Great Britain  0.3885135135135135
RT_ICON        0xd4920  0x2e8   Device independent bitmap graphic, 32 x 64 x 4, image size 0                        English   Great Britain  0.3333333333333333
RT_ICON        0xd4c08  0x128   Device independent bitmap graphic, 16 x 32 x 4, image size 0                        English   Great Britain  0.5
RT_ICON        0xd4d30  0xea8   Device independent bitmap graphic, 48 x 96 x 8, image size 0                        English   Great Britain  0.2835820895522388
RT_ICON        0xd5bd8  0x8a8   Device independent bitmap graphic, 32 x 64 x 8, image size 0                        English   Great Britain  0.37906137184115524
RT_ICON        0xd6480  0x568   Device independent bitmap graphic, 16 x 32 x 8, image size 0                        English   Great Britain  0.23699421965317918
RT_ICON        0xd69e8  0x25a8  Device independent bitmap graphic, 48 x 96 x 32, image size 0                       English   Great Britain  0.13858921161825727
RT_ICON        0xd8f90  0x10a8  Device independent bitmap graphic, 32 x 64 x 32, image size 0                       English   Great Britain  0.25070356472795496
RT_ICON        0xda038  0x468   Device independent bitmap graphic, 16 x 32 x 32, image size 0                       English   Great Britain  0.3173758865248227
RT_MENU        0xda4a0  0x50    data                                                                                English   Great Britain  0.9
RT_STRING      0xda4f0  0x594   data                                                                                English   Great Britain  0.3333333333333333
RT_STRING      0xdaa84  0x68a   data                                                                                English   Great Britain  0.2735961768219833
RT_STRING      0xdb110  0x490   data                                                                                English   Great Britain  0.3715753424657534
RT_STRING      0xdb5a0  0x5fc   data                                                                                English   Great Britain  0.3087467362924282
RT_STRING      0xdbb9c  0x65c   data                                                                                English   Great Britain  0.34336609336609336
RT_STRING      0xdc1f8  0x466   data                                                                                English   Great Britain  0.3605683836589698
RT_STRING      0xdc660  0x158   Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0                    English   Great Britain  0.502906976744186
RT_RCDATA      0xdc7b8  0x1c1c  data                                                                                (none)    (none)         1.0015286270150083
RT_GROUP_ICON  0xde3d4  0x76    data                                                                                English   Great Britain  0.6610169491525424
RT_GROUP_ICON  0xde44c  0x14    data                                                                                English   Great Britain  1.25
RT_GROUP_ICON  0xde460  0x14    data                                                                                English   Great Britain  1.15
RT_GROUP_ICON  0xde474  0x14    data                                                                                English   Great Britain  1.25
RT_VERSION     0xde488  0xdc    data                                                                                English   Great Britain  0.6181818181818182
RT_MANIFEST    0xde564  0x3ef   ASCII text, with CRLF line terminators                                              English   Great Britain  0.5074478649453823
Imports (DLL: imported functions):

WSOCK32.dll: gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect

VERSION.dll: GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW

WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW

COMCTL32.dll: ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create

MPR.dll: WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W

WININET.dll: HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable

PSAPI.DLL: GetProcessMemoryInfo

IPHLPAPI.DLL: IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile

USERENV.dll: DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile

UxTheme.dll: IsThemeActive

KERNEL32.dll: DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW

USER32.dll: GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient

GDI32.dll: EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath

COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                                              ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                                              SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                                              ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                                              OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system	Country where language is spoken	Map
English	Great Britain	(map image not reproduced)
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 14:01:13.270878077 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:13.270914078 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:13.271346092 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:13.276882887 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:13.276900053 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:13.871629953 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:13.871666908 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:13.871776104 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:13.873823881 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:13.873841047 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:14.494796038 CET	49713	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:14.494833946 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:14.502557039 CET	49713	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:14.506407022 CET	49713	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:14.506417990 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:14.597054958 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:14.597158909 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:14.604873896 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:14.604890108 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:14.605025053 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:14.605027914 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:14.605036974 CET	443	49710	35.190.72.216	192.168.2.5
Nov 21, 2024 14:01:14.605288029 CET	49710	443	192.168.2.5	35.190.72.216
Nov 21, 2024 14:01:14.702725887 CET	49714	80	192.168.2.5	34.107.221.82
Nov 21, 2024 14:01:14.822755098 CET	80	49714	34.107.221.82	192.168.2.5
Nov 21, 2024 14:01:14.822990894 CET	49714	80	192.168.2.5	34.107.221.82
Nov 21, 2024 14:01:14.823190928 CET	49714	80	192.168.2.5	34.107.221.82
Nov 21, 2024 14:01:14.945373058 CET	80	49714	34.107.221.82	192.168.2.5
Nov 21, 2024 14:01:15.191598892 CET	49715	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.191632986 CET	443	49715	34.117.188.166	192.168.2.5
Nov 21, 2024 14:01:15.191828966 CET	49716	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.191864967 CET	443	49716	34.117.188.166	192.168.2.5
Nov 21, 2024 14:01:15.192126036 CET	49717	443	192.168.2.5	35.244.181.201
Nov 21, 2024 14:01:15.192133904 CET	443	49717	35.244.181.201	192.168.2.5
Nov 21, 2024 14:01:15.193844080 CET	49715	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.193950891 CET	49716	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.193950891 CET	49717	443	192.168.2.5	35.244.181.201
Nov 21, 2024 14:01:15.195489883 CET	49715	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.195498943 CET	443	49715	34.117.188.166	192.168.2.5
Nov 21, 2024 14:01:15.196930885 CET	49716	443	192.168.2.5	34.117.188.166
Nov 21, 2024 14:01:15.196944952 CET	443	49716	34.117.188.166	192.168.2.5
Nov 21, 2024 14:01:15.196979046 CET	49717	443	192.168.2.5	35.244.181.201
Nov 21, 2024 14:01:15.196988106 CET	443	49717	35.244.181.201	192.168.2.5
Nov 21, 2024 14:01:15.274292946 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.274379015 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.275239944 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.275417089 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.278266907 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.278273106 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.278393030 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.278412104 CET	443	49711	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.278819084 CET	49711	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.463339090 CET	49718	443	192.168.2.5	34.160.144.191
Nov 21, 2024 14:01:15.463378906 CET	443	49718	34.160.144.191	192.168.2.5
Nov 21, 2024 14:01:15.463464975 CET	49718	443	192.168.2.5	34.160.144.191
Nov 21, 2024 14:01:15.463571072 CET	49718	443	192.168.2.5	34.160.144.191
Nov 21, 2024 14:01:15.463588953 CET	443	49718	34.160.144.191	192.168.2.5
Nov 21, 2024 14:01:15.958812952 CET	80	49714	34.107.221.82	192.168.2.5
Nov 21, 2024 14:01:15.960750103 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.960793972 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.961787939 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:15.966936111 CET	49713	443	192.168.2.5	142.250.185.206
Nov 21, 2024 14:01:15.966954947 CET	443	49713	142.250.185.206	192.168.2.5
Nov 21, 2024 14:01:16.019437075 CET	49713	443	192.168.2.5	142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.019454956 CET4971480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.366795063 CET49713443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.366812944 CET44349713142.250.185.206192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.366952896 CET49713443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.367372036 CET44349713142.250.185.206192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.367408991 CET49719443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.367475986 CET44349719142.250.185.206192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.370064020 CET49713443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.370086908 CET49719443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.371520996 CET49719443192.168.2.5142.250.185.206
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.371556997 CET44349719142.250.185.206192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.468648911 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.468743086 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.472534895 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.472543001 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.473031044 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.475871086 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.475960016 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.476063013 CET4434971735.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.477351904 CET49717443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.515512943 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.515913010 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.520356894 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.520368099 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.520450115 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.520509005 CET4434971534.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.520673990 CET49715443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.525686026 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.526669025 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530371904 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530380011 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530508041 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530694962 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530919075 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.530965090 CET4434972034.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.531965971 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.532072067 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.533459902 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.533477068 CET4434972034.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.552571058 CET4971480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.675730944 CET804971434.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.675796032 CET4971480192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.735480070 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.735552073 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.739141941 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.739152908 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.739650011 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.742465973 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.742561102 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.742644072 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.742804050 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.788489103 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.808852911 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.908898115 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.908977032 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.909229040 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.928631067 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.928744078 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.928911924 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.030522108 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.048449039 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.812253952 CET4434972034.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.812675953 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.817895889 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.826523066 CET4434972934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.826627970 CET49729443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.970863104 CET49729443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.970921993 CET4434972934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.970983028 CET49729443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.971179962 CET4434972934.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:19.971259117 CET49729443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.442893028 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.562498093 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.767091990 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.813385963 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.850400925 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.850434065 CET4434974034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.850569010 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.851953983 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.851969957 CET4434974034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.118443012 CET4434974034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.118554115 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.122514009 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.122524977 CET4434974034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.122636080 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.122647047 CET4434974034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:25.122826099 CET49740443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.775918007 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.895840883 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.896665096 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.896696091 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.896929026 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.897016048 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899161100 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899168968 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899319887 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899333000 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899420023 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.899451017 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.936599016 CET49761443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.936621904 CET4434976134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.937346935 CET49761443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.938776970 CET49761443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.938790083 CET4434976134.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.940992117 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.061352015 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.173472881 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.173562050 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.176475048 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.176506996 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.176769018 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.179408073 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.179507971 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.179559946 CET4434975534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.179657936 CET49755443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.202402115 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.202474117 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.205287933 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.205293894 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.205512047 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.208255053 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.208362103 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.208391905 CET49754443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.208395958 CET4434975434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.257733107 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.267815113 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.269105911 CET49762443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.269134998 CET4434976234.120.208.123192.168.2.5
Timestamp                            Src Port  Dst Port  Source IP        Dest IP
Nov 21, 2024 14:01:30.276535988 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:30.278059959 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:30.278076887 CET  443       49762     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:30.311517000 CET  49721     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:30.393681049 CET  80        49722     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:30.419359922 CET  443       49754     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:30.419430017 CET  49754     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:30.558409929 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:30.558518887 CET  443       49763     34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:30.559029102 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:30.560714960 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:30.560751915 CET  443       49763     34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:30.597920895 CET  80        49722     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:30.643714905 CET  49722     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:31.199177980 CET  443       49761     34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:31.199266911 CET  49761     443       192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:31.203830957 CET  49761     443       192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:31.203866005 CET  443       49761     34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:31.203911066 CET  49761     443       192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:31.204065084 CET  443       49761     34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:31.204132080 CET  49761     443       192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:31.551275015 CET  443       49762     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:31.551287889 CET  443       49762     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:31.551356077 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:31.555279016 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:31.555294037 CET  443       49762     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:31.555381060 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:31.555416107 CET  443       49762     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:31.555522919 CET  49762     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:31.822602987 CET  443       49763     34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:31.822702885 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:32.402017117 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:32.402054071 CET  443       49763     34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:32.402242899 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:32.402375937 CET  443       49763     34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:32.402571917 CET  49763     443       192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:32.446460009 CET  49721     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:32.480375051 CET  49722     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:32.480830908 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.480856895 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.481745958 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.481868029 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.481879950 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.494551897 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.494656086 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.495328903 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.495445013 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.495469093 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.566266060 CET  80        49721     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:32.579262972 CET  49770     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.579277039 CET  443       49770     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.580104113 CET  49770     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.581509113 CET  49770     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:32.581521034 CET  443       49770     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:32.599976063 CET  80        49722     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:32.762236118 CET  80        49721     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:32.803174019 CET  49721     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:32.804512024 CET  80        49722     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:32.850075960 CET  49722     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:33.173173904 CET  49721     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:33.293838024 CET  80        49721     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:33.489526033 CET  80        49721     34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:33.536437035 CET  49721     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:33.738450050 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.738543987 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.741617918 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.741627932 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.741838932 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.744431973 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.744530916 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.744554043 CET  443       49768     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.745378017 CET  49768     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.747440100 CET  49722     80        192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:33.750644922 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.750722885 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.753978014 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.753998995 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.754256010 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.756333113 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.756412029 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.756490946 CET  443       49769     34.120.208.123   192.168.2.5
Nov 21, 2024 14:01:33.757496119 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.757735014 CET  49769     443       192.168.2.5      34.120.208.123
Nov 21, 2024 14:01:33.866955042 CET  80        49722     34.107.221.82    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.882493019 CET4434977034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.882646084 CET49770443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.887950897 CET49770443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.887965918 CET4434977034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.888062954 CET49770443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.888076067 CET4434977034.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.889229059 CET49770443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.022701025 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.022716045 CET4434977234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.023152113 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.024554014 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.024571896 CET4434977234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.071434021 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.074564934 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.122639894 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.194153070 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.390018940 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.439052105 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.296943903 CET4434977234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.297014952 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.301141977 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.301151991 CET4434977234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.301238060 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.301352978 CET4434977234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.303262949 CET49772443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.305185080 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.309067011 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.309118986 CET4434977834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.310470104 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.312028885 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.312064886 CET4434977834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.424711943 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.628976107 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.632424116 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.673809052 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.752908945 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.948676109 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.996840000 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.521908998 CET4434977834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.521997929 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.527848005 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.527867079 CET4434977834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.528011084 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.528069973 CET4434977834.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.529598951 CET49778443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.531999111 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.651552916 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.856019020 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.867953062 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.915205002 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:36.988135099 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:37.185478926 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:37.236048937 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.997054100 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.997092962 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.997845888 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.997957945 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.997972965 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.047563076 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.047610044 CET4434979035.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.096455097 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.098608017 CET49790443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.098628998 CET4434979035.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.311980009 CET49795443192.168.2.535.244.181.201
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Nov 21, 2024 14:01:41.312030077 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:41.313298941 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:41.314234018 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:41.314251900 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:41.314568043 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:41.314610004 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:41.326729059 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:41.327095032 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:41.327114105 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:41.550795078 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:41.550827980 CET  443          49797      35.201.103.21    192.168.2.5
Nov 21, 2024 14:01:41.552160025 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:41.554228067 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:41.554244995 CET  443          49797      35.201.103.21    192.168.2.5
Nov 21, 2024 14:01:42.257014036 CET  443          49789      34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:42.257320881 CET  49789        443        192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:42.262077093 CET  49789        443        192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:42.262093067 CET  443          49789      34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:42.262336016 CET  443          49789      34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:42.265851974 CET  49789        443        192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:42.265954018 CET  49789        443        192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:42.266011000 CET  443          49789      34.149.100.209   192.168.2.5
Nov 21, 2024 14:01:42.266253948 CET  49789        443        192.168.2.5      34.149.100.209
Nov 21, 2024 14:01:42.272162914 CET  49722        80         192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:42.393095970 CET  80           49722      34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:42.399705887 CET  443          49790      35.190.72.216    192.168.2.5
Nov 21, 2024 14:01:42.399722099 CET  443          49790      35.190.72.216    192.168.2.5
Nov 21, 2024 14:01:42.399831057 CET  49790        443        192.168.2.5      35.190.72.216
Nov 21, 2024 14:01:42.407031059 CET  49790        443        192.168.2.5      35.190.72.216
Nov 21, 2024 14:01:42.407038927 CET  443          49790      35.190.72.216    192.168.2.5
Nov 21, 2024 14:01:42.407135010 CET  49790        443        192.168.2.5      35.190.72.216
Nov 21, 2024 14:01:42.407249928 CET  443          49790      35.190.72.216    192.168.2.5
Nov 21, 2024 14:01:42.407936096 CET  49790        443        192.168.2.5      35.190.72.216
Nov 21, 2024 14:01:42.597383022 CET  80           49722      34.107.221.82    192.168.2.5
Nov 21, 2024 14:01:42.601758003 CET  49721        80         192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:42.609519005 CET  49800        443        192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:42.609616041 CET  443          49800      34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:42.609709024 CET  49800        443        192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:42.611294031 CET  49800        443        192.168.2.5      34.107.243.93
Nov 21, 2024 14:01:42.611335039 CET  443          49800      34.107.243.93    192.168.2.5
Nov 21, 2024 14:01:42.646739006 CET  49722        80         192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:42.689140081 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.689264059 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.690967083 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:42.690979004 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:42.693223000 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.693253994 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.693593025 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.693705082 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:42.696521997 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:42.696537018 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:42.696798086 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:42.699054003 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.699181080 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.699234962 CET  443          49795      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.699788094 CET  49795        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.701003075 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:42.701077938 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:42.701137066 CET  443          49796      151.101.1.91     192.168.2.5
Nov 21, 2024 14:01:42.714735985 CET  49722        80         192.168.2.5      34.107.221.82
Nov 21, 2024 14:01:42.715814114 CET  49796        443        192.168.2.5      151.101.1.91
Nov 21, 2024 14:01:42.716128111 CET  49801        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716169119 CET  443          49801      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.716243029 CET  49802        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716281891 CET  443          49802      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.716552019 CET  49801        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716653109 CET  49801        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716654062 CET  49802        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716665983 CET  443          49801      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.716811895 CET  49802        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.716829062 CET  443          49802      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.719214916 CET  49803        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.719239950 CET  443          49803      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.719408989 CET  49803        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.719515085 CET  49803        443        192.168.2.5      35.244.181.201
Nov 21, 2024 14:01:42.719527960 CET  443          49803      35.244.181.201   192.168.2.5
Nov 21, 2024 14:01:42.825269938 CET  443          49797      35.201.103.21    192.168.2.5
Nov 21, 2024 14:01:42.825361967 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:42.829353094 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:42.829385042 CET  443          49797      35.201.103.21    192.168.2.5
Nov 21, 2024 14:01:42.829461098 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:42.829586029 CET  443          49797      35.201.103.21    192.168.2.5
Nov 21, 2024 14:01:42.829655886 CET  49797        443        192.168.2.5      35.201.103.21
Nov 21, 2024 14:01:42.842540979 CET  49804        443        192.168.2.5      34.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.842638016 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.842755079 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.842884064 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.842922926 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.853337049 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.853580952 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.048600912 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.057970047 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.060738087 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.101301908 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.180289030 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.375545979 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.433407068 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.949587107 CET4434980034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.949664116 CET49800443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.953284979 CET49800443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.953293085 CET4434980034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.953382969 CET49800443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.953473091 CET4434980034.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.954153061 CET49800443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.956090927 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.990621090 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.990724087 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.993393898 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.993413925 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.993632078 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.995618105 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.995726109 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.995804071 CET4434980335.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:43.995881081 CET49803443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.035557985 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.035653114 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.036242008 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.038418055 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.038427114 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.038618088 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.038621902 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.041083097 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.041093111 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.041410923 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.043343067 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.043443918 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.043451071 CET4434980135.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.044346094 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.044439077 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.044500113 CET4434980235.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.044667959 CET49801443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.044673920 CET49802443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.075704098 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.110575914 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.110667944 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.113589048 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.113595963 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.114267111 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.116164923 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.116276026 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.116499901 CET4434980434.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.116599083 CET49804443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.279819965 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.282989979 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.327186108 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.407607079 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.603574991 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.652518988 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.539999962 CET49947443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.545645952 CET49947443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.545653105 CET4434994734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.545749903 CET49947443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.545831919 CET4434994734.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.546104908 CET49947443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.548283100 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.668847084 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.873452902 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.876981020 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.927433968 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:48.000000000 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:48.194746017 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:48.243928909 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:57.885597944 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:58.005736113 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:58.198873997 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:58.320106030 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:03:08.018063068 CET4972280192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:03:08.137653112 CET804972234.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:03:08.334453106 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:03:08.460771084 CET804972134.107.221.82192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.226571083 CET6028553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.389519930 CET53609641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.455513000 CET53602851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.456268072 CET53557171.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.471919060 CET5697553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.472184896 CET5811153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.699388981 CET53581111.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.699404955 CET53569751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.447827101 CET5528953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.626429081 CET5148053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.677058935 CET53552891.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.715775967 CET5145053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.853063107 CET53514801.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.942181110 CET53514501.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.986769915 CET5985753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:24.215912104 CET53598571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.897834063 CET6468653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.898166895 CET5466353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.898166895 CET4998453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.127367020 CET53646861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.128046036 CET53546631.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.128189087 CET53499841.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.934393883 CET5946153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.934393883 CET5598653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.935249090 CET5329253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.164366007 CET53594611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.164441109 CET53559861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.165419102 CET5777053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.165494919 CET4932253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.166047096 CET53532921.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.166500092 CET6129853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.404705048 CET53577701.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.404861927 CET53493221.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.405648947 CET6073853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.405713081 CET53612981.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.554898977 CET5342953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.557687044 CET5896153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.643349886 CET53607381.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.646454096 CET5031053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.790600061 CET53534291.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.791589975 CET6232253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.794698954 CET53589611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.795375109 CET6415553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.879223108 CET53503101.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.025674105 CET53623221.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.026608944 CET5004653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.027971029 CET53641551.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.028618097 CET6134453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.253663063 CET53500461.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:31.256328106 CET53613441.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.023438931 CET5003953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.250572920 CET53500391.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.962970972 CET5382853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:40.992424011 CET4929953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.111546040 CET5781453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.309931040 CET53538281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.310010910 CET53492991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.313977003 CET6098353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.315531015 CET6536553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.549184084 CET53578141.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.549724102 CET53609831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.549734116 CET53653651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.551783085 CET5303853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.552057028 CET5524853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.782416105 CET53530381.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.552057028 CET192.168.2.51.1.1.10x88e2Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:41.783376932 CET192.168.2.51.1.1.10x9696Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:42.609736919 CET192.168.2.51.1.1.10x5c04Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:04.138288021 CET192.168.2.51.1.1.10x1752Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:04.369508028 CET192.168.2.51.1.1.10xdcefStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.637459040 CET192.168.2.51.1.1.10x9479Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:11.013864994 CET192.168.2.51.1.1.10x9aecStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:46.078953028 CET192.168.2.51.1.1.10x95caStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:46.316960096 CET192.168.2.51.1.1.10xd140Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.548568964 CET192.168.2.51.1.1.10x625cStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:13.263015032 CET1.1.1.1192.168.2.50x1896No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:13.499469042 CET1.1.1.1192.168.2.50xec4No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:13.870002031 CET1.1.1.1192.168.2.50xb579No error (0)youtube.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:14.099229097 CET1.1.1.1192.168.2.50xa486No error (0)youtube.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:14.341480970 CET1.1.1.1192.168.2.50xbdc4No error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:14.701786995 CET1.1.1.1192.168.2.50xe01dNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:14.701786995 CET1.1.1.1192.168.2.50xe01dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:14.938179016 CET1.1.1.1192.168.2.50x8767No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.098232985 CET1.1.1.1192.168.2.50x7a76No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.114504099 CET1.1.1.1192.168.2.50x91ccNo error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.114504099 CET1.1.1.1192.168.2.50x91ccNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.115667105 CET1.1.1.1192.168.2.50x1537No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.115667105 CET1.1.1.1192.168.2.50x1537No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.165945053 CET1.1.1.1192.168.2.50x975dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.427809954 CET1.1.1.1192.168.2.50xc60cNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.430043936 CET1.1.1.1192.168.2.50x8e62No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.433111906 CET1.1.1.1192.168.2.50x715eNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.455400944 CET1.1.1.1192.168.2.50xbf0fNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.455400944 CET1.1.1.1192.168.2.50xbf0fNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:15.455400944 CET1.1.1.1192.168.2.50xbf0fNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.589692116 CET1.1.1.1192.168.2.50x164No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.594022036 CET1.1.1.1192.168.2.50x6a4bNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.595232010 CET1.1.1.1192.168.2.50x997eNo error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.595232010 CET1.1.1.1192.168.2.50x997eNo error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.787271023 CET1.1.1.1192.168.2.50x3c73No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.787271023 CET1.1.1.1192.168.2.50x3c73No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:16.821549892 CET1.1.1.1192.168.2.50x272eNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.218856096 CET1.1.1.1192.168.2.50x6bd5No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:17.891091108 CET1.1.1.1192.168.2.50x7633No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.123370886 CET1.1.1.1192.168.2.50x6128No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.169297934 CET1.1.1.1192.168.2.50x5398No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.169297934 CET1.1.1.1192.168.2.50x5398No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.170079947 CET1.1.1.1192.168.2.50x24a8No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.199003935 CET1.1.1.1192.168.2.50x350fNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.199003935 CET1.1.1.1192.168.2.50x350fNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.455513000 CET1.1.1.1192.168.2.50x3510No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.456268072 CET1.1.1.1192.168.2.50x7131No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.677058935 CET1.1.1.1192.168.2.50xb12No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.677058935 CET1.1.1.1192.168.2.50xb12No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.677058935 CET1.1.1.1192.168.2.50xb12No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.849256992 CET1.1.1.1192.168.2.50x8c67No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:23.942181110 CET1.1.1.1192.168.2.50xcc46No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.128046036 CET1.1.1.1192.168.2.50x2585No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
DNS Answers (Source IP is the resolver, Dest IP the analysis VM; the Answer column holds the CNAME target for CNAME records and the address for A records; type 28 is AAAA, for which the report shows no address data)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | Answer (CNAME target or address) | Type | Class | DNS AA
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 216.58.212.174 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 172.217.18.110 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 172.217.23.110 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128046036 CET | 1.1.1.1 | 192.168.2.5 | 0x2585 | No error (0) | youtube-ui.l.google.com | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128189087 CET | 1.1.1.1 | 192.168.2.5 | 0x8374 | No error (0) | www.facebook.com | star-mini.c10r.facebook.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:01:29.128189087 CET | 1.1.1.1 | 192.168.2.5 | 0x8374 | No error (0) | star-mini.c10r.facebook.com | 157.240.253.35 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164366007 CET | 1.1.1.1 | 192.168.2.5 | 0xd69e | No error (0) | youtube-ui.l.google.com | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164441109 CET | 1.1.1.1 | 192.168.2.5 | 0x457 | No error (0) | www.wikipedia.org | dyna.wikimedia.org | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:01:30.164441109 CET | 1.1.1.1 | 192.168.2.5 | 0x457 | No error (0) | dyna.wikimedia.org | 185.15.59.224 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.166047096 CET | 1.1.1.1 | 192.168.2.5 | 0x69e1 | No error (0) | star-mini.c10r.facebook.com | 157.240.252.35 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.404705048 CET | 1.1.1.1 | 192.168.2.5 | 0xe15 | No error (0) | youtube-ui.l.google.com | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.404705048 CET | 1.1.1.1 | 192.168.2.5 | 0xe15 | No error (0) | youtube-ui.l.google.com | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.404705048 CET | 1.1.1.1 | 192.168.2.5 | 0xe15 | No error (0) | youtube-ui.l.google.com | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.404705048 CET | 1.1.1.1 | 192.168.2.5 | 0xe15 | No error (0) | youtube-ui.l.google.com | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.404861927 CET | 1.1.1.1 | 192.168.2.5 | 0x404f | No error (0) | dyna.wikimedia.org | 185.15.59.224 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.405713081 CET | 1.1.1.1 | 192.168.2.5 | 0x3b58 | No error (0) | star-mini.c10r.facebook.com | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.643349886 CET | 1.1.1.1 | 192.168.2.5 | 0xf58f | No error (0) | dyna.wikimedia.org | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:30.790600061 CET | 1.1.1.1 | 192.168.2.5 | 0x17ce | No error (0) | www.reddit.com | reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:01:30.790600061 CET | 1.1.1.1 | 192.168.2.5 | 0x17ce | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.790600061 CET | 1.1.1.1 | 192.168.2.5 | 0x17ce | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.790600061 CET | 1.1.1.1 | 192.168.2.5 | 0x17ce | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.790600061 CET | 1.1.1.1 | 192.168.2.5 | 0x17ce | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:30.794698954 CET | 1.1.1.1 | 192.168.2.5 | 0x667f | No error (0) | twitter.com | 104.244.42.129 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:31.025674105 CET | 1.1.1.1 | 192.168.2.5 | 0xdd41 | No error (0) | reddit.map.fastly.net | 151.101.129.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:31.025674105 CET | 1.1.1.1 | 192.168.2.5 | 0xdd41 | No error (0) | reddit.map.fastly.net | 151.101.65.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:31.025674105 CET | 1.1.1.1 | 192.168.2.5 | 0xdd41 | No error (0) | reddit.map.fastly.net | 151.101.1.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:31.025674105 CET | 1.1.1.1 | 192.168.2.5 | 0xdd41 | No error (0) | reddit.map.fastly.net | 151.101.193.140 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:31.027971029 CET | 1.1.1.1 | 192.168.2.5 | 0xe044 | No error (0) | twitter.com | 104.244.42.193 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.309920073 CET | 1.1.1.1 | 192.168.2.5 | 0x1f06 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:01:41.309920073 CET | 1.1.1.1 | 192.168.2.5 | 0x1f06 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.309931040 CET | 1.1.1.1 | 192.168.2.5 | 0xede6 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.310010910 CET | 1.1.1.1 | 192.168.2.5 | 0x6d4c | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.310010910 CET | 1.1.1.1 | 192.168.2.5 | 0x6d4c | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.310010910 CET | 1.1.1.1 | 192.168.2.5 | 0x6d4c | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.310010910 CET | 1.1.1.1 | 192.168.2.5 | 0x6d4c | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549184084 CET | 1.1.1.1 | 192.168.2.5 | 0x2307 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549184084 CET | 1.1.1.1 | 192.168.2.5 | 0x2307 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549734116 CET | 1.1.1.1 | 192.168.2.5 | 0xe8fa | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549734116 CET | 1.1.1.1 | 192.168.2.5 | 0xe8fa | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549734116 CET | 1.1.1.1 | 192.168.2.5 | 0xe8fa | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.549734116 CET | 1.1.1.1 | 192.168.2.5 | 0xe8fa | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 14:01:41.782416105 CET | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | services.addons.mozilla.org | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:41.782416105 CET | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | services.addons.mozilla.org | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:41.782416105 CET | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | services.addons.mozilla.org | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:41.782416105 CET | 1.1.1.1 | 192.168.2.5 | 0x701d | No error (0) | services.addons.mozilla.org | (not shown) | 28 (AAAA) | IN (0x0001) | false
Nov 21, 2024 14:01:41.782474041 CET | 1.1.1.1 | 192.168.2.5 | 0x88e2 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.282605886 CET1.1.1.1192.168.2.50xb60cNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.282605886 CET1.1.1.1192.168.2.50xb60cNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:04.368015051 CET1.1.1.1192.168.2.50x1752No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.867640018 CET1.1.1.1192.168.2.50x9479No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.867640018 CET1.1.1.1192.168.2.50x9479No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:11.240418911 CET1.1.1.1192.168.2.50xc5bcNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:46.313354015 CET1.1.1.1192.168.2.50x95caNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.775127888 CET1.1.1.1192.168.2.50x625cNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.775127888 CET1.1.1.1192.168.2.50x625cNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49714 | 34.107.221.82 | 80 | 3620 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 14:01:14.823190928 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:15.958812952 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 70038
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49721 | 34.107.221.82 | 80 | 3620 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 14:01:16.909229040 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 14:01:17.996510029 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58099
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 14:01:18.101388931 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 14:01:18.421837091 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58100
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 14:01:18.444971085 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:18.760514021 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58100
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:28.775918007 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:29.940992117 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.257733107 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58112
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:32.446460009 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:32.762236118 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58114
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.173173904 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.489526033 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58115
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 21, 2024 14:01:34.074564934 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 21, 2024 14:01:34.390018940 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58116
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 21, 2024 14:01:35.632424116 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 21, 2024 14:01:35.948676109 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58117
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 21, 2024 14:01:36.867953062 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 21, 2024 14:01:37.185478926 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58119
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 21, 2024 14:01:42.601758003 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 21, 2024 14:01:43.048600912 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58124
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success

Nov 21, 2024 14:01:43.060738087 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Nov 21, 2024 14:01:43.375545979 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58125
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.282989979 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:44.603574991 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58126
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:54.604018927 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:04.734149933 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.976526976 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:06.308600903 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58148
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:12.850009918 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:13.165391922 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Wed, 20 Nov 2024 20:52:58 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 58155
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
Nov 21, 2024 14:02:23.171533108 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:33.301357031 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:43.430485964 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:47.876981020 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 21, 2024 14:02:48.194746017 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 20:52:58 GMT
Age: 58190
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 21, 2024 14:02:58.198873997 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Nov 21, 2024 14:03:08.334453106 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49722 | 34.107.221.82 | 80 | 3620 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Nov 21, 2024 14:01:16.928911924 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:18.061330080 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 22979
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:18.106195927 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:18.430171013 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 22980
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:23.442893028 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:23.767091990 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 22985
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:30.267815113 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:30.597920895 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 22992
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:32.480375051 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:32.804512024 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 22994
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:33.747440100 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:34.071434021 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 22995
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.305185080 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:01:35.628976107 CET298INHTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 22997
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:36.531999111 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:36.856019020 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 22998
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:42.272162914 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:42.597383022 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 23004
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:42.714735985 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:43.057970047 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 23004
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:43.956090927 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 21, 2024 14:01:44.279819965 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 21 Nov 2024 06:38:18 GMT
Age: 23006
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:01:54.280693054 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:04.411175966 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.637152910 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:05.972661972 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 23027
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:12.512305975 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:12.838773012 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 23034
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:22.855091095 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:32.984926939 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:43.113940001 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.548283100 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:47.873452902 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Thu, 21 Nov 2024 06:38:18 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 23069
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:02:57.885597944 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Nov 21, 2024 14:03:08.018063068 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
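The stream dump above mixes two things: repeated GET /canonical.html requests to detectportal.firefox.com, which is the captive-portal probe Firefox issues on its own and says nothing about the sample, and short outbound sends whose payload is a single NUL byte, spaced roughly ten seconds apart. The following parser is an added example (not code from the report, Joe Sandbox or the sample) for pulling those apart: it reads the dump's timestamp / byte-count / direction records with their header and Data lines, counts outbound requests per Host, flags any Host outside a constructed allow-list of known browser background traffic, checks that a response's Data Raw decodes to Content-Length bytes and matches Data Ascii, and measures the spacing of the NUL-byte sends. The input is a consecutive slice of the dump above with abridged headers; the allow-list is an assumption for this example.

```python
"""Parse a Joe Sandbox HTTP stream dump and separate browser background
noise from the rest. Added example; not code from the report or the sample."""
import re
from collections import Counter
from datetime import datetime
from typing import List, Optional

# Constructed input: a consecutive slice of the stream dump above, headers
# abridged. The export shows timestamp, byte count and direction as one
# field, sometimes run together ("CET303OUTGET ..."); REC_RE accepts both.
SAMPLE = """\
Nov 21, 2024 14:01:54.280693054 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:04.411175966 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:05.637152910 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Connection: keep-alive
Nov 21, 2024 14:02:05.972661972 CET 298 IN HTTP/1.1 200 OK
Content-Length: 90
Content-Type: text/html
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 21, 2024 14:02:22.855091095 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:32.984926939 CET 6 OUT Data Raw: 00
Data Ascii:
Nov 21, 2024 14:02:43.113940001 CET 6 OUT Data Raw: 00
Data Ascii:
"""

# Assumed allow-list: detectportal.firefox.com is Firefox's own captive-portal
# probe. Any other Host in the dump deserves a second look.
BENIGN_HOSTS = {"detectportal.firefox.com"}

REC_RE = re.compile(r"^([A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{9}) "
                    r"([A-Z]+) ?(\d+) ?(IN|OUT) ?(.*)$")
HDR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): ?(.*)$")


def _parse_ts(ts: str) -> datetime:
    # strptime's %f takes at most six fractional digits; the export has nine.
    return datetime.strptime(ts[:-3], "%b %d, %Y %H:%M:%S.%f")


def parse_stream(text: str) -> List[dict]:
    """One record per timestamped line, plus its header and Data lines."""
    records: List[dict] = []
    cur: Optional[dict] = None
    for line in text.splitlines():
        m = REC_RE.match(line)
        if m:
            ts, _tz, size, direction, first = m.groups()
            cur = {"ts": _parse_ts(ts), "size": int(size), "dir": direction,
                   "first_line": first, "headers": {}, "raw": b"", "ascii": ""}
            records.append(cur)
            if first.startswith("Data Raw:"):  # bare sends carry no request line
                cur["raw"] = bytes.fromhex(first.split(":", 1)[1])
                cur["first_line"] = ""
        elif cur is None:
            continue
        elif line.startswith("Data Raw:"):
            cur["raw"] = bytes.fromhex(line.split(":", 1)[1])
        elif line.startswith("Data Ascii:"):
            cur["ascii"] = line.split(":", 1)[1].strip()
        elif (h := HDR_RE.match(line)):
            cur["headers"][h.group(1).lower()] = h.group(2)
    return records


def hosts_contacted(records: List[dict]) -> Counter:
    """Outbound HTTP requests per Host header."""
    return Counter(r["headers"]["host"] for r in records
                   if r["dir"] == "OUT" and "host" in r["headers"])


def unexpected_hosts(records: List[dict]) -> List[str]:
    """Hosts that are not known browser background traffic."""
    return sorted(h for h in hosts_contacted(records) if h not in BENIGN_HOSTS)


def body_matches_content_length(rec: dict) -> bool:
    """Decoded Data Raw must be Content-Length bytes long and equal Data Ascii."""
    clen = int(rec["headers"].get("content-length", -1))
    return len(rec["raw"]) == clen and rec["raw"].decode("latin-1") == rec["ascii"]


def null_send_intervals(records: List[dict]) -> List[float]:
    """Seconds between consecutive outbound sends whose payload is one NUL byte."""
    ts = [r["ts"] for r in records if r["dir"] == "OUT" and r["raw"] == b"\x00"]
    return [round((b - a).total_seconds(), 1) for a, b in zip(ts, ts[1:])]


if __name__ == "__main__":
    recs = parse_stream(SAMPLE)
    print(len(recs), "records; hosts:", dict(hosts_contacted(recs)))
    print("unexpected hosts:", unexpected_hosts(recs))
    print("NUL-byte send intervals (s):", null_send_intervals(recs))
    for r in recs:
        if r["dir"] == "IN":
            print("response body consistent:", body_matches_content_length(r))
```

On the slice above the only Host is the Firefox probe, the 90-byte body decodes to exactly the meta-refresh shown in the dump, and the NUL-byte sends sit about 10 s apart except where the probe request and response fall between two of them. Running the same parser over the full dump, with BENIGN_HOSTS extended to whatever background traffic the analysis VM is known to generate, leaves only the hosts the sample itself contacted.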
Target ID:0
Start time:08:01:05
Start date:21/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0xbe0000
File size:922'624 bytes
MD5 hash:EC1C70253B8B244E9A71D54D6B7A917C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:08:01:05
Start date:21/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:08:01:05
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:08:01:07
Start date:21/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:08:01:07
Start date:21/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:08:01:07
Start date:21/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x850000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:07
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:08
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x850000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:08
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:08
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x850000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:08
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                                                                                                                              Start time:08:01:08
                                                                                                                                                                                                                                                                                                                                                                              Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:08:01:08
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:08:01:08
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:08:01:09
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20230927232528 -prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ee1dab7-f32b-4025-b591-a5b59c3dd1bf} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a93e66f310 socket
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:08:01:12
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -parentBuildID 20230927232528 -prefsHandle 4284 -prefMapHandle 1812 -prefsLen 26395 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de74356-ab29-421f-accc-57ed584a4147} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a94decfd10 rdd
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:08:01:16
Start date:21/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 3288 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c3e6a35-4447-4030-865b-29b5ac416484} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a950216310 utility
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

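Added example (not part of the Joe Sandbox report, and not code from the sample or from Mozilla): a detection that flags a browser started in kiosk mode on a sign-in page, which is the pattern the firefox.exe command lines above show. The event records, PIDs and parent images are constructed for illustration; the firefox.exe command lines are copied from the process list. The browser image names, kiosk switches and sign-in hosts are assumptions to adjust per environment. Note that the page URL carries accounts.google.com inside the query string of a youtube.com link, so a rule that inspects only the URL host would miss it; the check below scans the whole decoded URL.

```python
"""Flag browser launches that pin a sign-in page in kiosk mode.

Added example, not part of the Joe Sandbox report. Event records, PIDs and
parent images are constructed; the firefox.exe command lines are copied
from the report's process list."""
import ntpath
from urllib.parse import unquote

# Assumption: browser images and kiosk switches to match. Firefox accepts
# -kiosk and --kiosk; Chromium-based browsers use --kiosk.
BROWSER_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "brave.exe"}
KIOSK_FLAGS = {"-kiosk", "--kiosk"}
# Assumption: sign-in hosts worth alerting on; extend for your environment.
LOGIN_HOSTS = ("accounts.google.com", "login.microsoftonline.com",
               "login.live.com", "login.yahoo.com")

FF = r"C:\Program Files\Mozilla Firefox\firefox.exe"
KIOSK_URL = "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd"
TAIL = " --no-default-browser-check --disable-popup-blocking"

# Constructed process-creation events (pid and parent_image are made up).
SAMPLE_EVENTS = [
    # elevated launch by the sample, Firefox's own de-elevation relaunch,
    # then the de-elevated kiosk process the content processes hang off
    {"pid": 3588, "parent_image": r"C:\Users\user\Desktop\file.exe", "image": FF,
     "cmdline": f'"{FF}" --kiosk "{KIOSK_URL}"' + TAIL},
    {"pid": 3604, "parent_image": FF, "image": FF,
     "cmdline": f'"{FF}" --kiosk {KIOSK_URL}' + TAIL + " --attempting-deelevation"},
    {"pid": 3620, "parent_image": FF, "image": FF,
     "cmdline": f'"{FF}" --kiosk {KIOSK_URL}' + TAIL},
    # a Firefox content process (copied from the report): never the kiosk parent
    {"pid": 3712, "parent_image": FF, "image": FF,
     "cmdline": f'"{FF}" -contentproc --channel=2196 -parentBuildID 20230927232528 '
                '-prefsHandle 2132 -prefMapHandle 2124 -prefsLen 25308 -prefMapSize 237879 '
                r'-win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - '
                r'{9ee1dab7-f32b-4025-b591-a5b59c3dd1bf} 3620 "\\.\pipe\gecko-crash-server-pipe.3620" 1a93e66f310 socket'},
    # benign: a normal browser start, and a legitimate intranet kiosk
    {"pid": 4100, "parent_image": r"C:\Windows\explorer.exe", "image": FF,
     "cmdline": f'"{FF}" https://accounts.google.com/'},
    {"pid": 4120, "parent_image": r"C:\Windows\explorer.exe", "image": FF,
     "cmdline": f'"{FF}" --kiosk https://intranet.example/dashboard'},
]


def split_windows_cmdline(cmdline):
    # Split on unquoted whitespace and strip the quotes. Backslashes are
    # literal, so paths under Program Files survive intact.
    tokens, cur, in_quotes, pending = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            pending = True
        elif ch.isspace() and not in_quotes:
            if pending:
                tokens.append("".join(cur))
            cur, pending = [], False
        else:
            cur.append(ch)
            pending = True
    if pending:
        tokens.append("".join(cur))
    return tokens


def find_login_host(url):
    """Return the first LOGIN_HOSTS entry found anywhere in the decoded URL.

    The whole string is scanned, not just the host part: the report's URL
    carries accounts.google.com inside the query of a youtube.com link."""
    decoded = unquote(url).lower()
    return next((h for h in LOGIN_HOSTS if h in decoded), None)


def classify_launch(event):
    """Return a finding for a kiosk-mode sign-in launch, else None."""
    image = ntpath.basename(event["image"]).lower()
    if image not in BROWSER_IMAGES:
        return None
    args = split_windows_cmdline(event["cmdline"])[1:]   # drop argv[0]
    lowered = [a.lower() for a in args]
    if "-contentproc" in lowered or not KIOSK_FLAGS & set(lowered):
        return None
    for arg in args:
        if arg.lower().startswith(("http://", "https://")):
            host = find_login_host(arg)
            if host:
                return {"pid": event["pid"], "image": image,
                        "parent_image": ntpath.basename(event["parent_image"]).lower(),
                        "login_host": host, "url": arg}
    return None


def scan(events):
    """Run classify_launch over the events and keep the findings."""
    return [f for f in map(classify_launch, events) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {f['image']} (parent {f['parent_image']}) "
              f"kiosk -> {f['login_host']}")
```

Run stand-alone it reports three findings, one per kiosk launch in the list above (the elevated launch, Firefox's --attempting-deelevation relaunch and the final de-elevated process); the -contentproc children and the two benign launches are not flagged. On real telemetry this needs the command line in the process-creation event (Sysmon Event ID 1, or Security 4688 with command-line auditing enabled), otherwise the kiosk switch and URL are not visible; the parent image of the first launch (the submitted sample rather than explorer.exe) is the strongest field to pivot on.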

Execution Graph

Execution Coverage:2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.4%
Total number of Nodes:1582
Total number of Limit Nodes:53
execution_graph: node/edge listing of the rendered graph (not recoverable as text). API calls named in the listing: mciSendStringW, DestroyWindow, UnregisterHotKey, FindClose, CloseHandle, FreeLibrary, VirtualFree, CoUninitialize, VirtualFreeEx, InternetCloseHandle, WaitForSingleObject, WaitForSingleObjectEx, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, RaiseException.
96577 be9cb3 96425->96577 96428 bf13a0 96426->96428 96432 c36346 96427->96432 96434 bf182c 96427->96434 96429 bf1940 9 API calls 96428->96429 96431 bf13b6 96429->96431 96431->96427 96433 bf13ec 96431->96433 96587 c5359c 82 API calls __wsopen_s 96432->96587 96433->96432 96457 bf1408 __fread_nolock 96433->96457 96435 beaceb 23 API calls 96434->96435 96437 bf1839 96435->96437 96584 bfd217 348 API calls 96437->96584 96438 bf17d4 96583 c001f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96438->96583 96441 c3636e 96588 c5359c 82 API calls __wsopen_s 96441->96588 96442 bf152f 96444 c363d1 96442->96444 96445 bf153c 96442->96445 96590 c65745 54 API calls _wcslen 96444->96590 96447 bf1940 9 API calls 96445->96447 96448 bf1549 96447->96448 96452 bf1940 9 API calls 96448->96452 96464 bf15c7 messages 96448->96464 96449 bffddb 22 API calls 96449->96457 96451 bf1872 96585 bffaeb 23 API calls 96451->96585 96462 bf1563 96452->96462 96453 bf171d 96453->96405 96457->96437 96457->96441 96457->96442 96457->96449 96459 c363b2 96457->96459 96457->96464 96541 bffe0b 96457->96541 96551 beec40 96457->96551 96458 bf167b messages 96458->96453 96575 bfce17 22 API calls messages 96458->96575 96589 c5359c 82 API calls __wsopen_s 96459->96589 96462->96464 96591 bea8c7 22 API calls __fread_nolock 96462->96591 96464->96451 96464->96458 96503 bf1940 96464->96503 96513 c6ab67 96464->96513 96516 c6a2ea 96464->96516 96521 c6abf7 96464->96521 96526 bff645 96464->96526 96533 c71591 96464->96533 96536 c55c5a 96464->96536 96592 c5359c 82 API calls __wsopen_s 96464->96592 96472->96405 96473->96405 96475 beacf9 96474->96475 96483 bead2a messages 96474->96483 96476 bead55 96475->96476 96477 bead01 messages 96475->96477 96476->96483 96823 bea8c7 22 API calls __fread_nolock 96476->96823 96479 c2fa48 96477->96479 96480 bead21 96477->96480 96477->96483 96479->96483 96824 bfce17 22 API calls messages 96479->96824 96481 c2fa3a VariantClear 96480->96481 96480->96483 96481->96483 96483->96376 
96484->96397 96485->96397 96486->96397 96487->96397 96488->96397 96489->96402 96490->96397 96496 c13820 __dosmaperr 96491->96496 96492 c1385e 96502 c0f2d9 20 API calls __dosmaperr 96492->96502 96493 c13849 RtlAllocateHeap 96495 c1385c 96493->96495 96493->96496 96495->96410 96496->96492 96496->96493 96501 c04ead 7 API calls 2 library calls 96496->96501 96498->96410 96499->96412 96500->96415 96501->96496 96502->96495 96504 bf1981 96503->96504 96511 bf195d 96503->96511 96593 c00242 5 API calls __Init_thread_wait 96504->96593 96507 bf198b 96507->96511 96594 c001f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96507->96594 96508 bf8727 96512 bf196e 96508->96512 96596 c001f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96508->96596 96511->96512 96595 c00242 5 API calls __Init_thread_wait 96511->96595 96512->96464 96597 c6aff9 96513->96597 96517 be7510 53 API calls 96516->96517 96518 c6a306 96517->96518 96752 c4d4dc CreateToolhelp32Snapshot Process32FirstW 96518->96752 96520 c6a315 96520->96464 96522 c6aff9 217 API calls 96521->96522 96524 c6ac0c 96522->96524 96523 c6ac54 96523->96464 96524->96523 96525 beaceb 23 API calls 96524->96525 96525->96523 96527 beb567 39 API calls 96526->96527 96528 bff659 96527->96528 96529 bff661 timeGetTime 96528->96529 96530 c3f2dc Sleep 96528->96530 96531 beb567 39 API calls 96529->96531 96532 bff677 96531->96532 96532->96464 96773 c72ad8 96533->96773 96535 c7159f 96535->96464 96537 be7510 53 API calls 96536->96537 96538 c55c6d 96537->96538 96807 c4dbbe lstrlenW 96538->96807 96540 c55c77 96540->96464 96543 bffddb 96541->96543 96542 c0ea0c ___std_exception_copy 21 API calls 96542->96543 96543->96542 96544 bffdfa 96543->96544 96546 bffdfc 96543->96546 96812 c04ead 7 API calls 2 library calls 96543->96812 96544->96457 96547 c0066d 96546->96547 96813 c032a4 RaiseException 96546->96813 96814 c032a4 RaiseException 96547->96814 96549 c0068a 96549->96457 96554 beec76 messages 96551->96554 96552 c00242 
EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96552->96554 96553 c000a3 29 API calls pre_c_initialization 96553->96554 96554->96552 96554->96553 96555 c001f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96554->96555 96556 c34beb 96554->96556 96558 bffddb 22 API calls 96554->96558 96560 c34b0b 96554->96560 96561 bea8c7 22 API calls 96554->96561 96562 bef3ae messages 96554->96562 96563 befef7 96554->96563 96564 c34600 96554->96564 96570 befbe3 96554->96570 96571 bea961 22 API calls 96554->96571 96572 beed9d messages 96554->96572 96815 bf01e0 348 API calls 2 library calls 96554->96815 96816 bf06a0 41 API calls messages 96554->96816 96555->96554 96822 c5359c 82 API calls __wsopen_s 96556->96822 96558->96554 96820 c5359c 82 API calls __wsopen_s 96560->96820 96561->96554 96562->96572 96819 c5359c 82 API calls __wsopen_s 96562->96819 96563->96572 96818 bea8c7 22 API calls __fread_nolock 96563->96818 96564->96572 96817 bea8c7 22 API calls __fread_nolock 96564->96817 96570->96562 96570->96572 96573 c34bdc 96570->96573 96571->96554 96572->96457 96821 c5359c 82 API calls __wsopen_s 96573->96821 96575->96458 96576->96425 96578 be9cc2 _wcslen 96577->96578 96579 bffe0b 22 API calls 96578->96579 96580 be9cea __fread_nolock 96579->96580 96581 bffddb 22 API calls 96580->96581 96582 be9d00 96581->96582 96582->96438 96583->96427 96584->96451 96585->96451 96586->96423 96587->96464 96588->96464 96589->96464 96590->96462 96591->96464 96592->96464 96593->96507 96594->96511 96595->96508 96596->96512 96598 c6b01d ___scrt_fastfail 96597->96598 96599 c6b094 96598->96599 96600 c6b058 96598->96600 96604 beb567 39 API calls 96599->96604 96605 c6b08b 96599->96605 96718 beb567 96600->96718 96602 c6b063 96602->96605 96608 beb567 39 API calls 96602->96608 96603 c6b0ed 96688 be7510 96603->96688 96607 c6b0a5 96604->96607 96605->96603 96609 beb567 39 API calls 96605->96609 96611 beb567 39 API calls 
96607->96611 96612 c6b078 96608->96612 96609->96603 96611->96605 96615 beb567 39 API calls 96612->96615 96614 c6b115 96616 c6b11f 96614->96616 96617 c6b1d8 96614->96617 96615->96605 96618 be7510 53 API calls 96616->96618 96619 c6b20a GetCurrentDirectoryW 96617->96619 96622 be7510 53 API calls 96617->96622 96620 c6b130 96618->96620 96621 bffe0b 22 API calls 96619->96621 96623 be7620 22 API calls 96620->96623 96624 c6b22f GetCurrentDirectoryW 96621->96624 96625 c6b1ef 96622->96625 96626 c6b13a 96623->96626 96627 c6b23c 96624->96627 96628 be7620 22 API calls 96625->96628 96629 be7510 53 API calls 96626->96629 96632 c6b275 96627->96632 96723 be9c6e 22 API calls 96627->96723 96630 c6b1f9 _wcslen 96628->96630 96631 c6b14b 96629->96631 96630->96619 96630->96632 96633 be7620 22 API calls 96631->96633 96637 c6b287 96632->96637 96638 c6b28b 96632->96638 96635 c6b155 96633->96635 96639 be7510 53 API calls 96635->96639 96636 c6b255 96724 be9c6e 22 API calls 96636->96724 96645 c6b39a CreateProcessW 96637->96645 96646 c6b2f8 96637->96646 96726 c507c0 10 API calls 96638->96726 96642 c6b166 96639->96642 96647 be7620 22 API calls 96642->96647 96643 c6b265 96725 be9c6e 22 API calls 96643->96725 96644 c6b294 96727 c506e6 10 API calls 96644->96727 96687 c6b32f _wcslen 96645->96687 96729 c411c8 39 API calls 96646->96729 96651 c6b170 96647->96651 96654 c6b1a6 GetSystemDirectoryW 96651->96654 96659 be7510 53 API calls 96651->96659 96652 c6b2aa 96728 c505a7 8 API calls 96652->96728 96653 c6b2fd 96657 c6b323 96653->96657 96658 c6b32a 96653->96658 96656 bffe0b 22 API calls 96654->96656 96663 c6b1cb GetSystemDirectoryW 96656->96663 96730 c41201 128 API calls 2 library calls 96657->96730 96731 c414ce 6 API calls 96658->96731 96660 c6b187 96659->96660 96665 be7620 22 API calls 96660->96665 96662 c6b2d0 96662->96637 96663->96627 96667 c6b191 _wcslen 96665->96667 96666 c6b328 96666->96687 96667->96627 96667->96654 96668 c6b3d6 GetLastError 96677 c6b41a 96668->96677 96669 c6b42f CloseHandle 96670 
c6b43f 96669->96670 96678 c6b49a 96669->96678 96671 c6b446 CloseHandle 96670->96671 96672 c6b451 96670->96672 96671->96672 96675 c6b463 96672->96675 96676 c6b458 CloseHandle 96672->96676 96674 c6b4a6 96674->96677 96679 c6b475 96675->96679 96680 c6b46a CloseHandle 96675->96680 96676->96675 96715 c50175 96677->96715 96678->96674 96683 c6b4d2 CloseHandle 96678->96683 96732 c509d9 34 API calls 96679->96732 96680->96679 96683->96677 96685 c6b486 96733 c6b536 25 API calls 96685->96733 96687->96668 96687->96669 96689 be7525 96688->96689 96690 be7522 96688->96690 96691 be752d 96689->96691 96692 be755b 96689->96692 96711 be7620 96690->96711 96734 c051c6 26 API calls 96691->96734 96693 c250f6 96692->96693 96695 be756d 96692->96695 96702 c2500f 96692->96702 96737 c05183 26 API calls 96693->96737 96735 bffb21 51 API calls 96695->96735 96696 be753d 96701 bffddb 22 API calls 96696->96701 96699 c2510e 96699->96699 96703 be7547 96701->96703 96705 bffe0b 22 API calls 96702->96705 96706 c25088 96702->96706 96704 be9cb3 22 API calls 96703->96704 96704->96690 96707 c25058 96705->96707 96736 bffb21 51 API calls 96706->96736 96708 bffddb 22 API calls 96707->96708 96709 c2507f 96708->96709 96710 be9cb3 22 API calls 96709->96710 96710->96706 96712 be762a _wcslen 96711->96712 96713 bffe0b 22 API calls 96712->96713 96714 be763f 96713->96714 96714->96614 96738 c5030f 96715->96738 96719 beb578 96718->96719 96720 beb57f 96718->96720 96719->96720 96751 c062d1 39 API calls _strftime 96719->96751 96720->96602 96722 beb5c2 96722->96602 96723->96636 96724->96643 96725->96632 96726->96644 96727->96652 96728->96662 96729->96653 96730->96666 96731->96687 96732->96685 96733->96678 96734->96696 96735->96696 96736->96693 96737->96699 96739 c50321 CloseHandle 96738->96739 96740 c50329 96738->96740 96739->96740 96741 c50336 96740->96741 96742 c5032e CloseHandle 96740->96742 96743 c50343 96741->96743 96744 c5033b CloseHandle 96741->96744 96742->96741 96745 c50350 96743->96745 96746 c50348 CloseHandle 
96743->96746 96744->96743 96747 c50355 CloseHandle 96745->96747 96748 c5035d 96745->96748 96746->96745 96747->96748 96749 c50362 CloseHandle 96748->96749 96750 c5017d 96748->96750 96749->96750 96750->96464 96751->96722 96762 c4def7 96752->96762 96754 c4d529 Process32NextW 96755 c4d5db CloseHandle 96754->96755 96757 c4d522 96754->96757 96755->96520 96756 bea961 22 API calls 96756->96757 96757->96754 96757->96755 96757->96756 96758 be9cb3 22 API calls 96757->96758 96768 be525f 22 API calls 96757->96768 96769 be6350 22 API calls 96757->96769 96770 bfce60 41 API calls 96757->96770 96758->96757 96763 c4df02 96762->96763 96764 c4df19 96763->96764 96767 c4df1f 96763->96767 96771 c063b2 GetStringTypeW _strftime 96763->96771 96772 c062fb 39 API calls _strftime 96764->96772 96767->96757 96768->96757 96769->96757 96770->96757 96771->96763 96772->96767 96774 beaceb 23 API calls 96773->96774 96775 c72af3 96774->96775 96776 c72aff 96775->96776 96777 c72b1d 96775->96777 96778 be7510 53 API calls 96776->96778 96784 be6b57 96777->96784 96780 c72b0c 96778->96780 96781 c72b1b 96780->96781 96783 bea8c7 22 API calls __fread_nolock 96780->96783 96781->96535 96783->96781 96785 c24ba1 96784->96785 96786 be6b67 _wcslen 96784->96786 96797 be93b2 96785->96797 96789 be6b7d 96786->96789 96790 be6ba2 96786->96790 96788 c24baa 96788->96788 96796 be6f34 22 API calls 96789->96796 96792 bffddb 22 API calls 96790->96792 96793 be6bae 96792->96793 96795 bffe0b 22 API calls 96793->96795 96794 be6b85 __fread_nolock 96794->96781 96795->96794 96796->96794 96798 be93c9 __fread_nolock 96797->96798 96799 be93c0 96797->96799 96798->96788 96799->96798 96801 beaec9 96799->96801 96802 beaedc 96801->96802 96806 beaed9 __fread_nolock 96801->96806 96803 bffddb 22 API calls 96802->96803 96804 beaee7 96803->96804 96805 bffe0b 22 API calls 96804->96805 96805->96806 96806->96798 96808 c4dc06 96807->96808 96809 c4dbdc GetFileAttributesW 96807->96809 96808->96540 96809->96808 96810 c4dbe8 FindFirstFileW 96809->96810 
96810->96808 96811 c4dbf9 FindClose 96810->96811 96811->96808 96812->96543 96813->96547 96814->96549 96815->96554 96816->96554 96817->96572 96818->96572 96819->96572 96820->96572 96821->96556 96822->96572 96823->96483 96824->96483 96825 bedefc 96828 be1d6f 96825->96828 96827 bedf07 96829 be1d8c 96828->96829 96837 be1f6f 96829->96837 96831 be1da6 96832 c22759 96831->96832 96834 be1e36 96831->96834 96835 be1dc2 96831->96835 96841 c5359c 82 API calls __wsopen_s 96832->96841 96834->96827 96835->96834 96840 be289a 23 API calls 96835->96840 96838 beec40 348 API calls 96837->96838 96839 be1f98 96838->96839 96839->96831 96840->96834 96841->96834 96842 c32a00 96857 bed7b0 messages 96842->96857 96843 bedb11 PeekMessageW 96843->96857 96844 bed807 GetInputState 96844->96843 96844->96857 96846 c31cbe TranslateAcceleratorW 96846->96857 96847 bedb8f PeekMessageW 96847->96857 96848 bedb73 TranslateMessage DispatchMessageW 96848->96847 96849 beda04 timeGetTime 96849->96857 96850 bedbaf Sleep 96850->96857 96851 c32b74 Sleep 96863 c32a51 96851->96863 96853 c31dda timeGetTime 96946 bfe300 23 API calls 96853->96946 96856 c4d4dc 47 API calls 96856->96863 96857->96843 96857->96844 96857->96846 96857->96847 96857->96848 96857->96849 96857->96850 96857->96851 96857->96853 96857->96863 96864 bed9d5 96857->96864 96870 beec40 348 API calls 96857->96870 96872 bf1310 348 API calls 96857->96872 96874 bedd50 96857->96874 96881 bebf40 96857->96881 96939 bfedf6 96857->96939 96944 bedfd0 348 API calls 3 library calls 96857->96944 96945 bfe551 timeGetTime 96857->96945 96947 c53a2a 23 API calls 96857->96947 96948 c5359c 82 API calls __wsopen_s 96857->96948 96858 c32c0b GetExitCodeProcess 96861 c32c21 WaitForSingleObject 96858->96861 96862 c32c37 CloseHandle 96858->96862 96859 c729bf GetForegroundWindow 96859->96863 96861->96857 96861->96862 96862->96863 96863->96856 96863->96857 96863->96858 96863->96859 96863->96864 96865 c32ca9 Sleep 96863->96865 96949 c65658 23 API calls 96863->96949 96950 c4e97b 
QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96863->96950 96951 bfe551 timeGetTime 96863->96951 96865->96857 96870->96857 96872->96857 96875 bedd6f 96874->96875 96876 bedd83 96874->96876 96952 bed260 96875->96952 96984 c5359c 82 API calls __wsopen_s 96876->96984 96878 bedd7a 96878->96857 96880 c32f75 96880->96880 96991 beadf0 96881->96991 96883 bebf9d 96884 c304b6 96883->96884 96885 bebfa9 96883->96885 97009 c5359c 82 API calls __wsopen_s 96884->97009 96887 bec01e 96885->96887 96888 c304c6 96885->96888 96996 beac91 96887->96996 97010 c5359c 82 API calls __wsopen_s 96888->97010 96892 c47120 22 API calls 96923 bec039 __fread_nolock messages 96892->96923 96893 bec7da 96896 bffe0b 22 API calls 96893->96896 96904 bec808 __fread_nolock 96896->96904 96898 c304f5 96901 c3055a 96898->96901 97011 bfd217 348 API calls 96898->97011 96938 bec603 96901->96938 97012 c5359c 82 API calls __wsopen_s 96901->97012 96902 bffe0b 22 API calls 96925 bec350 __fread_nolock messages 96902->96925 96903 beaf8a 22 API calls 96903->96923 96904->96902 96905 c3091a 97021 c53209 23 API calls 96905->97021 96908 beec40 348 API calls 96908->96923 96909 c308a5 96910 beec40 348 API calls 96909->96910 96911 c308cf 96910->96911 96911->96938 97019 bea81b 41 API calls 96911->97019 96913 c30591 97013 c5359c 82 API calls __wsopen_s 96913->97013 96914 c308f6 97020 c5359c 82 API calls __wsopen_s 96914->97020 96919 bec3ac 96919->96857 96920 bec237 96924 bec253 96920->96924 97022 bea8c7 22 API calls __fread_nolock 96920->97022 96921 bffddb 22 API calls 96921->96923 96922 beaceb 23 API calls 96922->96923 96923->96892 96923->96893 96923->96898 96923->96901 96923->96903 96923->96904 96923->96905 96923->96908 96923->96909 96923->96913 96923->96914 96923->96920 96923->96921 96923->96922 96929 c309bf 96923->96929 96934 bebbe0 40 API calls 96923->96934 96937 bffe0b 22 API calls 96923->96937 96923->96938 97000 bead81 96923->97000 97014 c47099 22 API calls __fread_nolock 
96923->97014 97015 c65745 54 API calls _wcslen 96923->97015 97016 bfaa42 22 API calls messages 96923->97016 97017 c4f05c 40 API calls 96923->97017 97018 bea993 41 API calls 96923->97018 96927 bec297 messages 96924->96927 96928 c30976 96924->96928 96925->96919 97008 bfce17 22 API calls messages 96925->97008 96927->96929 96932 beaceb 23 API calls 96927->96932 96931 beaceb 23 API calls 96928->96931 96929->96938 97023 c5359c 82 API calls __wsopen_s 96929->97023 96931->96929 96933 bec335 96932->96933 96933->96929 96935 bec342 96933->96935 96934->96923 97007 bea704 22 API calls messages 96935->97007 96937->96923 96938->96857 96940 bfee09 96939->96940 96941 bfee12 96939->96941 96940->96857 96941->96940 96942 bfee36 IsDialogMessageW 96941->96942 96943 c3efaf GetClassLongW 96941->96943 96942->96940 96942->96941 96943->96941 96943->96942 96944->96857 96945->96857 96946->96857 96947->96857 96948->96857 96949->96863 96950->96863 96951->96863 96953 beec40 348 API calls 96952->96953 96970 bed29d 96953->96970 96954 c31bc4 96990 c5359c 82 API calls __wsopen_s 96954->96990 96956 bed30b messages 96956->96878 96957 bed3c3 96958 bed3ce 96957->96958 96959 bed6d5 96957->96959 96961 bffddb 22 API calls 96958->96961 96959->96956 96967 bffe0b 22 API calls 96959->96967 96960 bed5ff 96962 c31bb5 96960->96962 96963 bed614 96960->96963 96972 bed3d5 __fread_nolock 96961->96972 96989 c65705 23 API calls 96962->96989 96966 bffddb 22 API calls 96963->96966 96964 bed4b8 96968 bffe0b 22 API calls 96964->96968 96976 bed46a 96966->96976 96967->96972 96979 bed429 __fread_nolock messages 96968->96979 96969 bffddb 22 API calls 96971 bed3f6 96969->96971 96970->96954 96970->96956 96970->96957 96970->96959 96970->96964 96973 bffddb 22 API calls 96970->96973 96970->96979 96971->96979 96985 bebec0 348 API calls 96971->96985 96972->96969 96972->96971 96973->96970 96975 c31ba4 96988 c5359c 82 API calls __wsopen_s 96975->96988 96976->96878 96978 be1f6f 348 API calls 96978->96979 96979->96960 96979->96975 
96979->96976 96979->96978 96980 c31b7f 96979->96980 96982 c31b5d 96979->96982 96987 c5359c 82 API calls __wsopen_s 96980->96987 96986 c5359c 82 API calls __wsopen_s 96982->96986 96984->96880 96985->96979 96986->96976 96987->96976 96988->96976 96989->96954 96990->96956 96992 beae01 96991->96992 96995 beae1c messages 96991->96995 96993 beaec9 22 API calls 96992->96993 96994 beae09 CharUpperBuffW 96993->96994 96994->96995 96995->96883 96997 beacae 96996->96997 96999 beacd1 96997->96999 97024 c5359c 82 API calls __wsopen_s 96997->97024 96999->96923 97001 c2fadb 97000->97001 97002 bead92 97000->97002 97003 bffddb 22 API calls 97002->97003 97004 bead99 97003->97004 97025 beadcd 97004->97025 97007->96925 97008->96925 97009->96888 97010->96938 97011->96901 97012->96938 97013->96938 97014->96923 97015->96923 97016->96923 97017->96923 97018->96923 97019->96914 97020->96938 97021->96920 97022->96924 97023->96938 97024->96999 97029 beaddd 97025->97029 97026 beadb6 97026->96923 97027 bffddb 22 API calls 97027->97029 97029->97026 97029->97027 97031 beadcd 22 API calls 97029->97031 97032 bea961 97029->97032 97037 bea8c7 22 API calls __fread_nolock 97029->97037 97031->97029 97033 bffe0b 22 API calls 97032->97033 97034 bea976 97033->97034 97035 bffddb 22 API calls 97034->97035 97036 bea984 97035->97036 97036->97029 97037->97029 97038 c18402 97043 c181be 97038->97043 97041 c1842a 97048 c181ef try_get_first_available_module 97043->97048 97045 c183ee 97062 c127ec 26 API calls __wsopen_s 97045->97062 97047 c18343 97047->97041 97055 c20984 97047->97055 97051 c18338 97048->97051 97058 c08e0b 40 API calls 2 library calls 97048->97058 97050 c1838c 97050->97051 97059 c08e0b 40 API calls 2 library calls 97050->97059 97051->97047 97061 c0f2d9 20 API calls __dosmaperr 97051->97061 97053 c183ab 97053->97051 97060 c08e0b 40 API calls 2 library calls 97053->97060 97063 c20081 97055->97063 97057 c2099f 97057->97041 97058->97050 97059->97053 97060->97051 97061->97045 97062->97047 97064 c2008d 
___scrt_is_nonwritable_in_current_image 97063->97064 97065 c2009b 97064->97065 97067 c200d4 97064->97067 97121 c0f2d9 20 API calls __dosmaperr 97065->97121 97074 c2065b 97067->97074 97068 c200a0 97122 c127ec 26 API calls __wsopen_s 97068->97122 97073 c200aa __wsopen_s 97073->97057 97124 c2042f 97074->97124 97077 c206a6 97142 c15221 97077->97142 97078 c2068d 97156 c0f2c6 20 API calls __dosmaperr 97078->97156 97081 c20692 97157 c0f2d9 20 API calls __dosmaperr 97081->97157 97082 c206ab 97083 c206b4 97082->97083 97084 c206cb 97082->97084 97158 c0f2c6 20 API calls __dosmaperr 97083->97158 97155 c2039a CreateFileW 97084->97155 97088 c200f8 97123 c20121 LeaveCriticalSection __wsopen_s 97088->97123 97089 c206b9 97159 c0f2d9 20 API calls __dosmaperr 97089->97159 97090 c20781 GetFileType 97093 c207d3 97090->97093 97094 c2078c GetLastError 97090->97094 97092 c20756 GetLastError 97161 c0f2a3 20 API calls __dosmaperr 97092->97161 97164 c1516a 21 API calls 2 library calls 97093->97164 97162 c0f2a3 20 API calls __dosmaperr 97094->97162 97095 c20704 97095->97090 97095->97092 97160 c2039a CreateFileW 97095->97160 97099 c2079a CloseHandle 97099->97081 97102 c207c3 97099->97102 97101 c20749 97101->97090 97101->97092 97163 c0f2d9 20 API calls __dosmaperr 97102->97163 97103 c207f4 97106 c20840 97103->97106 97165 c205ab 72 API calls 3 library calls 97103->97165 97105 c207c8 97105->97081 97110 c2086d 97106->97110 97166 c2014d 72 API calls 4 library calls 97106->97166 97109 c20866 97109->97110 97111 c2087e 97109->97111 97167 c186ae 97110->97167 97111->97088 97113 c208fc CloseHandle 97111->97113 97182 c2039a CreateFileW 97113->97182 97115 c20927 97116 c2095d 97115->97116 97117 c20931 GetLastError 97115->97117 97116->97088 97183 c0f2a3 20 API calls __dosmaperr 97117->97183 97119 c2093d 97184 c15333 21 API calls 2 library calls 97119->97184 97121->97068 97122->97073 97123->97073 97125 c20450 97124->97125 97130 c2046a 97124->97130 97125->97130 97192 c0f2d9 20 API calls __dosmaperr 
97125->97192 97128 c2045f 97193 c127ec 26 API calls __wsopen_s 97128->97193 97185 c203bf 97130->97185 97131 c204d1 97140 c20524 97131->97140 97196 c0d70d 26 API calls 2 library calls 97131->97196 97132 c204a2 97132->97131 97194 c0f2d9 20 API calls __dosmaperr 97132->97194 97135 c2051f 97137 c2059e 97135->97137 97135->97140 97136 c204c6 97195 c127ec 26 API calls __wsopen_s 97136->97195 97197 c127fc 11 API calls _abort 97137->97197 97140->97077 97140->97078 97141 c205aa 97143 c1522d ___scrt_is_nonwritable_in_current_image 97142->97143 97200 c12f5e EnterCriticalSection 97143->97200 97145 c1527b 97201 c1532a 97145->97201 97147 c15259 97204 c15000 97147->97204 97148 c15234 97148->97145 97148->97147 97152 c152c7 EnterCriticalSection 97148->97152 97149 c152a4 __wsopen_s 97149->97082 97152->97145 97154 c152d4 LeaveCriticalSection 97152->97154 97154->97148 97155->97095 97156->97081 97157->97088 97158->97089 97159->97081 97160->97101 97161->97081 97162->97099 97163->97105 97164->97103 97165->97106 97166->97109 97230 c153c4 97167->97230 97169 c186c4 97243 c15333 21 API calls 2 library calls 97169->97243 97171 c186be 97171->97169 97172 c153c4 __wsopen_s 26 API calls 97171->97172 97181 c186f6 97171->97181 97174 c186ed 97172->97174 97173 c153c4 __wsopen_s 26 API calls 97175 c18702 CloseHandle 97173->97175 97178 c153c4 __wsopen_s 26 API calls 97174->97178 97175->97169 97179 c1870e GetLastError 97175->97179 97176 c1873e 97176->97088 97177 c1871c 97177->97176 97244 c0f2a3 20 API calls __dosmaperr 97177->97244 97178->97181 97179->97169 97181->97169 97181->97173 97182->97115 97183->97119 97184->97116 97187 c203d7 97185->97187 97186 c203f2 97186->97132 97187->97186 97198 c0f2d9 20 API calls __dosmaperr 97187->97198 97189 c20416 97199 c127ec 26 API calls __wsopen_s 97189->97199 97191 c20421 97191->97132 97192->97128 97193->97130 97194->97136 97195->97131 97196->97135 97197->97141 97198->97189 97199->97191 97200->97148 97212 c12fa6 LeaveCriticalSection 97201->97212 97203 c15331 
97203->97149 97213 c14c7d 97204->97213 97206 c15012 97210 c1501f 97206->97210 97220 c13405 11 API calls 2 library calls 97206->97220 97208 c15071 97208->97145 97211 c15147 EnterCriticalSection 97208->97211 97221 c129c8 97210->97221 97211->97145 97212->97203 97218 c14c8a __dosmaperr 97213->97218 97214 c14cca 97228 c0f2d9 20 API calls __dosmaperr 97214->97228 97215 c14cb5 RtlAllocateHeap 97216 c14cc8 97215->97216 97215->97218 97216->97206 97218->97214 97218->97215 97227 c04ead 7 API calls 2 library calls 97218->97227 97220->97206 97222 c129d3 RtlFreeHeap 97221->97222 97226 c129fc __dosmaperr 97221->97226 97223 c129e8 97222->97223 97222->97226 97229 c0f2d9 20 API calls __dosmaperr 97223->97229 97225 c129ee GetLastError 97225->97226 97226->97208 97227->97218 97228->97216 97229->97225 97231 c153d1 97230->97231 97232 c153e6 97230->97232 97245 c0f2c6 20 API calls __dosmaperr 97231->97245 97237 c1540b 97232->97237 97247 c0f2c6 20 API calls __dosmaperr 97232->97247 97234 c153d6 97246 c0f2d9 20 API calls __dosmaperr 97234->97246 97237->97171 97238 c15416 97248 c0f2d9 20 API calls __dosmaperr 97238->97248 97239 c153de 97239->97171 97241 c1541e 97249 c127ec 26 API calls __wsopen_s 97241->97249 97243->97177 97244->97176 97245->97234 97246->97239 97247->97238 97248->97241 97249->97239 97250 be105b 97255 be344d 97250->97255 97252 be106a 97286 c000a3 29 API calls __onexit 97252->97286 97254 be1074 97256 be345d __wsopen_s 97255->97256 97257 bea961 22 API calls 97256->97257 97258 be3513 97257->97258 97287 be3a5a 97258->97287 97260 be351c 97294 be3357 97260->97294 97267 bea961 22 API calls 97268 be354d 97267->97268 97315 bea6c3 97268->97315 97271 c23176 RegQueryValueExW 97272 c23193 97271->97272 97273 c2320c RegCloseKey 97271->97273 97274 bffe0b 22 API calls 97272->97274 97276 be3578 97273->97276 97285 c2321e _wcslen 97273->97285 97275 c231ac 97274->97275 97321 be5722 97275->97321 97276->97252 97279 be4c6d 22 API calls 97279->97285 97280 c231d4 97281 be6b57 22 API calls 97280->97281 
97282 c231ee messages 97281->97282 97282->97273 97283 be9cb3 22 API calls 97283->97285 97284 be515f 22 API calls 97284->97285 97285->97276 97285->97279 97285->97283 97285->97284 97286->97254 97324 c21f50 97287->97324 97290 be9cb3 22 API calls 97291 be3a8d 97290->97291 97326 be3aa2 97291->97326 97293 be3a97 97293->97260 97295 c21f50 __wsopen_s 97294->97295 97296 be3364 GetFullPathNameW 97295->97296 97297 be3386 97296->97297 97298 be6b57 22 API calls 97297->97298 97299 be33a4 97298->97299 97300 be33c6 97299->97300 97301 be33dd 97300->97301 97302 c230bb 97300->97302 97340 be33ee 97301->97340 97303 bffddb 22 API calls 97302->97303 97305 c230c5 _wcslen 97303->97305 97307 bffe0b 22 API calls 97305->97307 97306 be33e8 97309 be515f 97306->97309 97308 c230fe __fread_nolock 97307->97308 97310 be516e 97309->97310 97314 be518f __fread_nolock 97309->97314 97313 bffe0b 22 API calls 97310->97313 97311 bffddb 22 API calls 97312 be3544 97311->97312 97312->97267 97313->97314 97314->97311 97316 bea6dd 97315->97316 97317 be3556 RegOpenKeyExW 97315->97317 97318 bffddb 22 API calls 97316->97318 97317->97271 97317->97276 97319 bea6e7 97318->97319 97320 bffe0b 22 API calls 97319->97320 97320->97317 97322 bffddb 22 API calls 97321->97322 97323 be5734 RegQueryValueExW 97322->97323 97323->97280 97323->97282 97325 be3a67 GetModuleFileNameW 97324->97325 97325->97290 97327 c21f50 __wsopen_s 97326->97327 97328 be3aaf GetFullPathNameW 97327->97328 97329 be3ace 97328->97329 97330 be3ae9 97328->97330 97331 be6b57 22 API calls 97329->97331 97332 bea6c3 22 API calls 97330->97332 97333 be3ada 97331->97333 97332->97333 97336 be37a0 97333->97336 97337 be37ae 97336->97337 97338 be93b2 22 API calls 97337->97338 97339 be37c2 97338->97339 97339->97293 97341 be33fe _wcslen 97340->97341 97342 c2311d 97341->97342 97343 be3411 97341->97343 97344 bffddb 22 API calls 97342->97344 97350 bea587 97343->97350 97346 c23127 97344->97346 97348 bffe0b 22 API calls 97346->97348 97347 be341e __fread_nolock 97347->97306 
97349 c23157 __fread_nolock 97348->97349 97351 bea59d 97350->97351 97354 bea598 __fread_nolock 97350->97354 97352 bffe0b 22 API calls 97351->97352 97353 c2f80f 97351->97353 97352->97354 97353->97353 97354->97347 97355 be1098 97360 be42de 97355->97360 97359 be10a7 97361 bea961 22 API calls 97360->97361 97362 be42f5 GetVersionExW 97361->97362 97363 be6b57 22 API calls 97362->97363 97364 be4342 97363->97364 97365 be93b2 22 API calls 97364->97365 97377 be4378 97364->97377 97366 be436c 97365->97366 97368 be37a0 22 API calls 97366->97368 97367 be441b GetCurrentProcess IsWow64Process 97369 be4437 97367->97369 97368->97377 97370 be444f LoadLibraryA 97369->97370 97371 c23824 GetSystemInfo 97369->97371 97372 be449c GetSystemInfo 97370->97372 97373 be4460 GetProcAddress 97370->97373 97374 be4476 97372->97374 97373->97372 97376 be4470 GetNativeSystemInfo 97373->97376 97378 be447a FreeLibrary 97374->97378 97379 be109d 97374->97379 97375 c237df 97376->97374 97377->97367 97377->97375 97378->97379 97380 c000a3 29 API calls __onexit 97379->97380 97380->97359 97381 bff698 97382 bff6c3 97381->97382 97383 bff6a2 97381->97383 97389 c3f2f8 97382->97389 97398 c44d4a 22 API calls messages 97382->97398 97390 beaf8a 97383->97390 97385 bff6b2 97387 beaf8a 22 API calls 97385->97387 97388 bff6c2 97387->97388 97391 beaf98 97390->97391 97396 beafc0 messages 97390->97396 97392 beafa6 97391->97392 97393 beaf8a 22 API calls 97391->97393 97394 beaf8a 22 API calls 97392->97394 97395 beafac 97392->97395 97393->97392 97394->97395 97395->97396 97399 beb090 97395->97399 97396->97385 97398->97382 97400 beb09b messages 97399->97400 97402 beb0d6 messages 97400->97402 97403 bfce17 22 API calls messages 97400->97403 97402->97396 97403->97402 97404 c22ba5 97405 be2b25 97404->97405 97406 c22baf 97404->97406 97432 be2b83 7 API calls 97405->97432 97408 be3a5a 24 API calls 97406->97408 97410 c22bb8 97408->97410 97412 be9cb3 22 API calls 97410->97412 97414 c22bc6 97412->97414 97413 be2b2f 97420 be2b44 97413->97420 
97436 be3837 97413->97436 97415 c22bf5 97414->97415 97416 c22bce 97414->97416 97417 be33c6 22 API calls 97415->97417 97419 be33c6 22 API calls 97416->97419 97422 c22bf1 GetForegroundWindow ShellExecuteW 97417->97422 97421 c22bd9 97419->97421 97423 be2b5f 97420->97423 97446 be30f2 97420->97446 97450 be6350 22 API calls 97421->97450 97428 c22c26 97422->97428 97430 be2b66 SetCurrentDirectoryW 97423->97430 97427 c22be7 97429 be33c6 22 API calls 97427->97429 97428->97423 97429->97422 97431 be2b7a 97430->97431 97451 be2cd4 7 API calls 97432->97451 97434 be2b2a 97435 be2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97434->97435 97435->97413 97437 be3862 ___scrt_fastfail 97436->97437 97452 be4212 97437->97452 97441 c23386 Shell_NotifyIconW 97442 be3906 Shell_NotifyIconW 97456 be3923 97442->97456 97444 be391c 97444->97420 97445 be38e8 97445->97441 97445->97442 97447 be3154 97446->97447 97448 be3104 ___scrt_fastfail 97446->97448 97447->97423 97449 be3123 Shell_NotifyIconW 97448->97449 97449->97447 97450->97427 97451->97434 97453 c235a4 97452->97453 97454 be38b7 97452->97454 97453->97454 97455 c235ad DestroyIcon 97453->97455 97454->97445 97478 c4c874 42 API calls _strftime 97454->97478 97455->97454 97457 be393f 97456->97457 97458 be3a13 97456->97458 97479 be6270 97457->97479 97458->97444 97461 c23393 LoadStringW 97464 c233ad 97461->97464 97462 be395a 97463 be6b57 22 API calls 97462->97463 97465 be396f 97463->97465 97472 be3994 ___scrt_fastfail 97464->97472 97485 bea8c7 22 API calls __fread_nolock 97464->97485 97466 be397c 97465->97466 97467 c233c9 97465->97467 97466->97464 97469 be3986 97466->97469 97486 be6350 22 API calls 97467->97486 97484 be6350 22 API calls 97469->97484 97475 be39f9 Shell_NotifyIconW 97472->97475 97473 c233d7 97473->97472 97474 be33c6 22 API calls 97473->97474 97476 c233f9 97474->97476 97475->97458 97477 be33c6 22 API calls 97476->97477 97477->97472 97478->97445 97480 bffe0b 22 API calls 97479->97480 97481 be6295 97480->97481 97482 bffddb 22 
API calls 97481->97482 97483 be394d 97482->97483 97483->97461 97483->97462 97484->97472 97485->97472 97486->97473 97487 be3156 97490 be3170 97487->97490 97491 be3187 97490->97491 97492 be318c 97491->97492 97493 be31eb 97491->97493 97534 be31e9 97491->97534 97497 be3199 97492->97497 97498 be3265 PostQuitMessage 97492->97498 97495 c22dfb 97493->97495 97496 be31f1 97493->97496 97494 be31d0 DefWindowProcW 97499 be316a 97494->97499 97545 be18e2 10 API calls 97495->97545 97500 be321d SetTimer RegisterWindowMessageW 97496->97500 97501 be31f8 97496->97501 97503 be31a4 97497->97503 97504 c22e7c 97497->97504 97498->97499 97500->97499 97509 be3246 CreatePopupMenu 97500->97509 97506 c22d9c 97501->97506 97507 be3201 KillTimer 97501->97507 97510 be31ae 97503->97510 97511 c22e68 97503->97511 97548 c4bf30 34 API calls ___scrt_fastfail 97504->97548 97515 c22da1 97506->97515 97516 c22dd7 MoveWindow 97506->97516 97517 be30f2 Shell_NotifyIconW 97507->97517 97508 c22e1c 97546 bfe499 42 API calls 97508->97546 97509->97499 97512 be31b9 97510->97512 97513 c22e4d 97510->97513 97535 c4c161 97511->97535 97520 be31c4 97512->97520 97521 be3253 97512->97521 97513->97494 97547 c40ad7 22 API calls 97513->97547 97514 c22e8e 97514->97494 97514->97499 97522 c22dc6 SetFocus 97515->97522 97523 c22da7 97515->97523 97516->97499 97524 be3214 97517->97524 97520->97494 97531 be30f2 Shell_NotifyIconW 97520->97531 97543 be326f 44 API calls ___scrt_fastfail 97521->97543 97522->97499 97523->97520 97526 c22db0 97523->97526 97542 be3c50 DeleteObject DestroyWindow 97524->97542 97544 be18e2 10 API calls 97526->97544 97529 be3263 97529->97499 97532 c22e41 97531->97532 97533 be3837 49 API calls 97532->97533 97533->97534 97534->97494 97536 c4c276 97535->97536 97537 c4c179 ___scrt_fastfail 97535->97537 97536->97499 97538 be3923 24 API calls 97537->97538 97540 c4c1a0 97538->97540 97539 c4c25f KillTimer SetTimer 97539->97536 97540->97539 97541 c4c251 Shell_NotifyIconW 97540->97541 97541->97539 97542->97499 97543->97529 
97544->97499 97545->97508 97546->97520 97547->97534 97548->97514 97549 be2e37 97550 bea961 22 API calls 97549->97550 97551 be2e4d 97550->97551 97628 be4ae3 97551->97628 97553 be2e6b 97554 be3a5a 24 API calls 97553->97554 97555 be2e7f 97554->97555 97556 be9cb3 22 API calls 97555->97556 97557 be2e8c 97556->97557 97642 be4ecb 97557->97642 97560 c22cb0 97682 c52cf9 97560->97682 97561 be2ead 97664 bea8c7 22 API calls __fread_nolock 97561->97664 97563 c22cc3 97565 c22ccf 97563->97565 97708 be4f39 97563->97708 97569 be4f39 68 API calls 97565->97569 97566 be2ec3 97665 be6f88 22 API calls 97566->97665 97571 c22ce5 97569->97571 97570 be2ecf 97572 be9cb3 22 API calls 97570->97572 97714 be3084 22 API calls 97571->97714 97573 be2edc 97572->97573 97666 bea81b 41 API calls 97573->97666 97576 be2eec 97578 be9cb3 22 API calls 97576->97578 97577 c22d02 97715 be3084 22 API calls 97577->97715 97580 be2f12 97578->97580 97667 bea81b 41 API calls 97580->97667 97581 c22d1e 97583 be3a5a 24 API calls 97581->97583 97585 c22d44 97583->97585 97584 be2f21 97587 bea961 22 API calls 97584->97587 97716 be3084 22 API calls 97585->97716 97590 be2f3f 97587->97590 97588 c22d50 97717 bea8c7 22 API calls __fread_nolock 97588->97717 97668 be3084 22 API calls 97590->97668 97591 c22d5e 97718 be3084 22 API calls 97591->97718 97594 be2f4b 97669 c04a28 40 API calls 3 library calls 97594->97669 97595 c22d6d 97719 bea8c7 22 API calls __fread_nolock 97595->97719 97597 be2f59 97597->97571 97598 be2f63 97597->97598 97670 c04a28 40 API calls 3 library calls 97598->97670 97601 c22d83 97720 be3084 22 API calls 97601->97720 97602 be2f6e 97602->97577 97604 be2f78 97602->97604 97671 c04a28 40 API calls 3 library calls 97604->97671 97605 c22d90 97607 be2f83 97607->97581 97608 be2f8d 97607->97608 97672 c04a28 40 API calls 3 library calls 97608->97672 97610 be2f98 97611 be2fdc 97610->97611 97673 be3084 22 API calls 97610->97673 97611->97595 97612 be2fe8 97611->97612 97612->97605 97676 be63eb 22 API calls 97612->97676 97614 
be2fbf 97674 bea8c7 22 API calls __fread_nolock 97614->97674 97617 be2ff8 97677 be6a50 22 API calls 97617->97677 97619 be2fcd 97675 be3084 22 API calls 97619->97675 97620 be3006 97678 be70b0 23 API calls 97620->97678 97625 be3021 97626 be3065 97625->97626 97679 be6f88 22 API calls 97625->97679 97680 be70b0 23 API calls 97625->97680 97681 be3084 22 API calls 97625->97681 97629 be4af0 __wsopen_s 97628->97629 97630 be6b57 22 API calls 97629->97630 97631 be4b22 97629->97631 97630->97631 97637 be4b58 97631->97637 97721 be4c6d 97631->97721 97633 be4c6d 22 API calls 97633->97637 97634 be9cb3 22 API calls 97636 be4c52 97634->97636 97635 be9cb3 22 API calls 97635->97637 97638 be515f 22 API calls 97636->97638 97637->97633 97637->97635 97639 be515f 22 API calls 97637->97639 97641 be4c29 97637->97641 97640 be4c5e 97638->97640 97639->97637 97640->97553 97641->97634 97641->97640 97724 be4e90 LoadLibraryA 97642->97724 97647 be4ef6 LoadLibraryExW 97732 be4e59 LoadLibraryA 97647->97732 97648 c23ccf 97649 be4f39 68 API calls 97648->97649 97651 c23cd6 97649->97651 97653 be4e59 3 API calls 97651->97653 97655 c23cde 97653->97655 97754 be50f5 40 API calls __fread_nolock 97655->97754 97656 be4f20 97656->97655 97657 be4f2c 97656->97657 97658 be4f39 68 API calls 97657->97658 97660 be2ea5 97658->97660 97660->97560 97660->97561 97661 c23cf5 97755 c528fe 27 API calls 97661->97755 97663 c23d05 97664->97566 97665->97570 97666->97576 97667->97584 97668->97594 97669->97597 97670->97602 97671->97607 97672->97610 97673->97614 97674->97619 97675->97611 97676->97617 97677->97620 97678->97625 97679->97625 97680->97625 97681->97625 97683 c52d15 97682->97683 97819 be511f 64 API calls 97683->97819 97685 c52d29 97820 c52e66 75 API calls 97685->97820 97687 c52d3b 97705 c52d3f 97687->97705 97821 be50f5 40 API calls __fread_nolock 97687->97821 97689 c52d56 97822 be50f5 40 API calls __fread_nolock 97689->97822 97691 c52d66 97823 be50f5 40 API calls __fread_nolock 97691->97823 97693 c52d81 97824 be50f5 40 API 
calls __fread_nolock 97693->97824 97695 c52d9c 97825 be511f 64 API calls 97695->97825 97697 c52db3 97698 c0ea0c ___std_exception_copy 21 API calls 97697->97698 97699 c52dba 97698->97699 97700 c0ea0c ___std_exception_copy 21 API calls 97699->97700 97701 c52dc4 97700->97701 97826 be50f5 40 API calls __fread_nolock 97701->97826 97703 c52dd8 97827 c528fe 27 API calls 97703->97827 97705->97563 97706 c52dee 97706->97705 97828 c522ce 97706->97828 97709 be4f43 97708->97709 97711 be4f4a 97708->97711 97710 c0e678 67 API calls 97709->97710 97710->97711 97712 be4f6a FreeLibrary 97711->97712 97713 be4f59 97711->97713 97712->97713 97713->97565 97714->97577 97715->97581 97716->97588 97717->97591 97718->97595 97719->97601 97720->97605 97722 beaec9 22 API calls 97721->97722 97723 be4c78 97722->97723 97723->97631 97725 be4ea8 GetProcAddress 97724->97725 97726 be4ec6 97724->97726 97727 be4eb8 97725->97727 97729 c0e5eb 97726->97729 97727->97726 97728 be4ebf FreeLibrary 97727->97728 97728->97726 97756 c0e52a 97729->97756 97731 be4eea 97731->97647 97731->97648 97733 be4e6e GetProcAddress 97732->97733 97734 be4e8d 97732->97734 97735 be4e7e 97733->97735 97737 be4f80 97734->97737 97735->97734 97736 be4e86 FreeLibrary 97735->97736 97736->97734 97738 bffe0b 22 API calls 97737->97738 97739 be4f95 97738->97739 97740 be5722 22 API calls 97739->97740 97741 be4fa1 __fread_nolock 97740->97741 97742 be50a5 97741->97742 97743 c23d1d 97741->97743 97753 be4fdc 97741->97753 97808 be42a2 CreateStreamOnHGlobal 97742->97808 97816 c5304d 74 API calls 97743->97816 97746 c23d22 97817 be511f 64 API calls 97746->97817 97749 c23d45 97818 be50f5 40 API calls __fread_nolock 97749->97818 97751 be506e messages 97751->97656 97753->97746 97753->97751 97814 be50f5 40 API calls __fread_nolock 97753->97814 97815 be511f 64 API calls 97753->97815 97754->97661 97755->97663 97759 c0e536 ___scrt_is_nonwritable_in_current_image 97756->97759 97757 c0e544 97781 c0f2d9 20 API calls __dosmaperr 97757->97781 97759->97757 97761 
c0e574 97759->97761 97760 c0e549 97782 c127ec 26 API calls __wsopen_s 97760->97782 97763 c0e586 97761->97763 97764 c0e579 97761->97764 97773 c18061 97763->97773 97783 c0f2d9 20 API calls __dosmaperr 97764->97783 97767 c0e58f 97769 c0e595 97767->97769 97771 c0e5a2 97767->97771 97768 c0e554 __wsopen_s 97768->97731 97784 c0f2d9 20 API calls __dosmaperr 97769->97784 97785 c0e5d4 LeaveCriticalSection __fread_nolock 97771->97785 97774 c1806d ___scrt_is_nonwritable_in_current_image 97773->97774 97786 c12f5e EnterCriticalSection 97774->97786 97776 c1807b 97787 c180fb 97776->97787 97780 c180ac __wsopen_s 97780->97767 97781->97760 97782->97768 97783->97768 97784->97768 97785->97768 97786->97776 97788 c1811e 97787->97788 97789 c18177 97788->97789 97796 c18088 97788->97796 97803 c0918d EnterCriticalSection 97788->97803 97804 c091a1 LeaveCriticalSection 97788->97804 97790 c14c7d __dosmaperr 20 API calls 97789->97790 97791 c18180 97790->97791 97793 c129c8 _free 20 API calls 97791->97793 97794 c18189 97793->97794 97794->97796 97805 c13405 11 API calls 2 library calls 97794->97805 97800 c180b7 97796->97800 97797 c181a8 97806 c0918d EnterCriticalSection 97797->97806 97807 c12fa6 LeaveCriticalSection 97800->97807 97802 c180be 97802->97780 97803->97788 97804->97788 97805->97797 97806->97796 97807->97802 97809 be42bc FindResourceExW 97808->97809 97813 be42d9 97808->97813 97810 c235ba LoadResource 97809->97810 97809->97813 97811 c235cf SizeofResource 97810->97811 97810->97813 97812 c235e3 LockResource 97811->97812 97811->97813 97812->97813 97813->97753 97814->97753 97815->97753 97816->97746 97817->97749 97818->97751 97819->97685 97820->97687 97821->97689 97822->97691 97823->97693 97824->97695 97825->97697 97826->97703 97827->97706 97829 c522d9 97828->97829 97830 c522e7 97828->97830 97831 c0e5eb 29 API calls 97829->97831 97832 c5232c 97830->97832 97833 c0e5eb 29 API calls 97830->97833 97856 c522f0 97830->97856 97831->97830 97857 c52557 40 API calls __fread_nolock 97832->97857 97834 
c52311 97833->97834 97834->97832 97836 c5231a 97834->97836 97836->97856 97865 c0e678 97836->97865 97837 c52370 97838 c52395 97837->97838 97839 c52374 97837->97839 97858 c52171 97838->97858 97840 c52381 97839->97840 97843 c0e678 67 API calls 97839->97843 97845 c0e678 67 API calls 97840->97845 97840->97856 97843->97840 97844 c5239d 97846 c523c3 97844->97846 97847 c523a3 97844->97847 97845->97856 97878 c523f3 74 API calls 97846->97878 97849 c523b0 97847->97849 97850 c0e678 67 API calls 97847->97850 97851 c0e678 67 API calls 97849->97851 97849->97856 97850->97849 97851->97856 97852 c523ca 97853 c523de 97852->97853 97854 c0e678 67 API calls 97852->97854 97855 c0e678 67 API calls 97853->97855 97853->97856 97854->97853 97855->97856 97856->97705 97857->97837 97859 c0ea0c ___std_exception_copy 21 API calls 97858->97859 97860 c5217f 97859->97860 97861 c0ea0c ___std_exception_copy 21 API calls 97860->97861 97862 c52190 97861->97862 97863 c0ea0c ___std_exception_copy 21 API calls 97862->97863 97864 c5219c 97863->97864 97864->97844 97866 c0e684 ___scrt_is_nonwritable_in_current_image 97865->97866 97867 c0e695 97866->97867 97868 c0e6aa 97866->97868 97896 c0f2d9 20 API calls __dosmaperr 97867->97896 97877 c0e6a5 __wsopen_s 97868->97877 97879 c0918d EnterCriticalSection 97868->97879 97870 c0e69a 97897 c127ec 26 API calls __wsopen_s 97870->97897 97873 c0e6c6 97880 c0e602 97873->97880 97875 c0e6d1 97898 c0e6ee LeaveCriticalSection __fread_nolock 97875->97898 97877->97856 97878->97852 97879->97873 97881 c0e624 97880->97881 97882 c0e60f 97880->97882 97887 c0e61f 97881->97887 97899 c0dc0b 97881->97899 97931 c0f2d9 20 API calls __dosmaperr 97882->97931 97884 c0e614 97932 c127ec 26 API calls __wsopen_s 97884->97932 97887->97875 97892 c0e646 97916 c1862f 97892->97916 97895 c129c8 _free 20 API calls 97895->97887 97896->97870 97897->97877 97898->97877 97900 c0dc23 97899->97900 97904 c0dc1f 97899->97904 97901 c0d955 __fread_nolock 26 API calls 97900->97901 97900->97904 97902 c0dc43 
97901->97902 97933 c159be 62 API calls 3 library calls 97902->97933 97905 c14d7a 97904->97905 97906 c14d90 97905->97906 97907 c0e640 97905->97907 97906->97907 97908 c129c8 _free 20 API calls 97906->97908 97909 c0d955 97907->97909 97908->97907 97910 c0d961 97909->97910 97911 c0d976 97909->97911 97934 c0f2d9 20 API calls __dosmaperr 97910->97934 97911->97892 97913 c0d966 97935 c127ec 26 API calls __wsopen_s 97913->97935 97915 c0d971 97915->97892 97917 c18653 97916->97917 97918 c1863e 97916->97918 97920 c1868e 97917->97920 97924 c1867a 97917->97924 97939 c0f2c6 20 API calls __dosmaperr 97918->97939 97941 c0f2c6 20 API calls __dosmaperr 97920->97941 97921 c18643 97940 c0f2d9 20 API calls __dosmaperr 97921->97940 97936 c18607 97924->97936 97925 c18693 97942 c0f2d9 20 API calls __dosmaperr 97925->97942 97928 c0e64c 97928->97887 97928->97895 97929 c1869b 97943 c127ec 26 API calls __wsopen_s 97929->97943 97931->97884 97932->97887 97933->97904 97934->97913 97935->97915 97944 c18585 97936->97944 97938 c1862b 97938->97928 97939->97921 97940->97928 97941->97925 97942->97929 97943->97928 97945 c18591 ___scrt_is_nonwritable_in_current_image 97944->97945 97955 c15147 EnterCriticalSection 97945->97955 97947 c1859f 97948 c185d1 97947->97948 97949 c185c6 97947->97949 97956 c0f2d9 20 API calls __dosmaperr 97948->97956 97950 c186ae __wsopen_s 29 API calls 97949->97950 97952 c185cc 97950->97952 97957 c185fb LeaveCriticalSection __wsopen_s 97952->97957 97954 c185ee __wsopen_s 97954->97938 97955->97947 97956->97952 97957->97954 97958 be1033 97963 be4c91 97958->97963 97962 be1042 97964 bea961 22 API calls 97963->97964 97965 be4cff 97964->97965 97971 be3af0 97965->97971 97967 be4d9c 97969 be1038 97967->97969 97974 be51f7 22 API calls __fread_nolock 97967->97974 97970 c000a3 29 API calls __onexit 97969->97970 97970->97962 97975 be3b1c 97971->97975 97974->97967 97976 be3b0f 97975->97976 97977 be3b29 97975->97977 97976->97967 97977->97976 97978 be3b30 RegOpenKeyExW 97977->97978 97978->97976 
97979 be3b4a RegQueryValueExW 97978->97979 97980 be3b6b 97979->97980 97981 be3b80 RegCloseKey 97979->97981 97980->97981 97981->97976 97982 beb010 97983 beb01b 97982->97983 97984 c2fb4d 97983->97984 97989 beb023 messages 97983->97989 97985 bffddb 22 API calls 97984->97985 97986 c2fb59 97985->97986 97987 beb02a 97988 beb090 22 API calls 97988->97989 97989->97987 97989->97988 97990 c72a55 97998 c51ebc 97990->97998 97993 c72a87 97994 c72a70 98000 c439c0 22 API calls 97994->98000 97996 c72a7c 98001 c4417d 22 API calls __fread_nolock 97996->98001 97999 c51ec3 IsWindow 97998->97999 97999->97993 97999->97994 98000->97996 98001->97993 98002 be1cad SystemParametersInfoW 98003 c33f75 98014 bfceb1 98003->98014 98005 c33f8b 98006 c34006 98005->98006 98023 bfe300 23 API calls 98005->98023 98009 bebf40 348 API calls 98006->98009 98008 c33fe6 98012 c34052 98008->98012 98024 c51abf 22 API calls 98008->98024 98009->98012 98011 c34a88 98012->98011 98025 c5359c 82 API calls __wsopen_s 98012->98025 98015 bfcebf 98014->98015 98016 bfced2 98014->98016 98017 beaceb 23 API calls 98015->98017 98018 bfced7 98016->98018 98019 bfcf05 98016->98019 98022 bfcec9 98017->98022 98021 bffddb 22 API calls 98018->98021 98020 beaceb 23 API calls 98019->98020 98020->98022 98021->98022 98022->98005 98023->98008 98024->98006 98025->98011 98026 be1044 98031 be10f3 98026->98031 98028 be104a 98067 c000a3 29 API calls __onexit 98028->98067 98030 be1054 98068 be1398 98031->98068 98035 be116a 98036 bea961 22 API calls 98035->98036 98037 be1174 98036->98037 98038 bea961 22 API calls 98037->98038 98039 be117e 98038->98039 98040 bea961 22 API calls 98039->98040 98041 be1188 98040->98041 98042 bea961 22 API calls 98041->98042 98043 be11c6 98042->98043 98044 bea961 22 API calls 98043->98044 98045 be1292 98044->98045 98078 be171c 98045->98078 98049 be12c4 98050 bea961 22 API calls 98049->98050 98051 be12ce 98050->98051 98052 bf1940 9 API calls 98051->98052 98053 be12f9 98052->98053 98099 be1aab 98053->98099 98055 
be1315 98056 be1325 GetStdHandle 98055->98056 98057 be137a 98056->98057 98058 c22485 98056->98058 98061 be1387 OleInitialize 98057->98061 98058->98057 98059 c2248e 98058->98059 98060 bffddb 22 API calls 98059->98060 98062 c22495 98060->98062 98061->98028 98106 c5011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 98062->98106 98064 c2249e 98107 c50944 CreateThread 98064->98107 98066 c224aa CloseHandle 98066->98057 98067->98030 98108 be13f1 98068->98108 98071 be13f1 22 API calls 98072 be13d0 98071->98072 98073 bea961 22 API calls 98072->98073 98074 be13dc 98073->98074 98075 be6b57 22 API calls 98074->98075 98076 be1129 98075->98076 98077 be1bc3 6 API calls 98076->98077 98077->98035 98079 bea961 22 API calls 98078->98079 98080 be172c 98079->98080 98081 bea961 22 API calls 98080->98081 98082 be1734 98081->98082 98083 bea961 22 API calls 98082->98083 98084 be174f 98083->98084 98085 bffddb 22 API calls 98084->98085 98086 be129c 98085->98086 98087 be1b4a 98086->98087 98088 be1b58 98087->98088 98089 bea961 22 API calls 98088->98089 98090 be1b63 98089->98090 98091 bea961 22 API calls 98090->98091 98092 be1b6e 98091->98092 98093 bea961 22 API calls 98092->98093 98094 be1b79 98093->98094 98095 bea961 22 API calls 98094->98095 98096 be1b84 98095->98096 98097 bffddb 22 API calls 98096->98097 98098 be1b96 RegisterWindowMessageW 98097->98098 98098->98049 98100 be1abb 98099->98100 98101 c2272d 98099->98101 98103 bffddb 22 API calls 98100->98103 98115 c53209 23 API calls 98101->98115 98105 be1ac3 98103->98105 98104 c22738 98105->98055 98106->98064 98107->98066 98116 c5092a 28 API calls 98107->98116 98109 bea961 22 API calls 98108->98109 98110 be13fc 98109->98110 98111 bea961 22 API calls 98110->98111 98112 be1404 98111->98112 98113 bea961 22 API calls 98112->98113 98114 be13c6 98113->98114 98114->98071 98115->98104 98117 c003fb 98118 c00407 ___scrt_is_nonwritable_in_current_image 98117->98118 98146 bffeb1 98118->98146 
98120 c0040e 98121 c00561 98120->98121 98124 c00438 98120->98124 98176 c0083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 98121->98176 98123 c00568 98169 c04e52 98123->98169 98134 c00477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 98124->98134 98157 c1247d 98124->98157 98131 c00457 98137 c004d8 98134->98137 98172 c04e1a 38 API calls 2 library calls 98134->98172 98135 c004de 98138 c004f3 98135->98138 98165 c00959 98137->98165 98173 c00992 GetModuleHandleW 98138->98173 98140 c004fa 98140->98123 98141 c004fe 98140->98141 98142 c00507 98141->98142 98174 c04df5 28 API calls _abort 98141->98174 98175 c00040 13 API calls 2 library calls 98142->98175 98145 c0050f 98145->98131 98147 bffeba 98146->98147 98178 c00698 IsProcessorFeaturePresent 98147->98178 98149 bffec6 98179 c02c94 10 API calls 3 library calls 98149->98179 98151 bffecb 98152 bffecf 98151->98152 98180 c12317 98151->98180 98152->98120 98155 bffee6 98155->98120 98160 c12494 98157->98160 98158 c00a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98159 c00451 98158->98159 98159->98131 98161 c12421 98159->98161 98160->98158 98164 c12450 98161->98164 98162 c00a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98163 c12479 98162->98163 98163->98134 98164->98162 98231 c02340 98165->98231 98168 c0097f 98168->98135 98233 c04bcf 98169->98233 98172->98137 98173->98140 98174->98142 98175->98145 98176->98123 98178->98149 98179->98151 98184 c1d1f6 98180->98184 98183 c02cbd 8 API calls 3 library calls 98183->98152 98187 c1d213 98184->98187 98188 c1d20f 98184->98188 98186 bffed8 98186->98155 98186->98183 98187->98188 98190 c14bfb 98187->98190 98202 c00a8c 98188->98202 98191 c14c07 ___scrt_is_nonwritable_in_current_image 98190->98191 98209 c12f5e EnterCriticalSection 98191->98209 98193 c14c0e 98210 c150af 98193->98210 98195 c14c1d 98200 c14c2c 98195->98200 98223 c14a8f 29 API calls 98195->98223 
98198 c14c27 98224 c14b45 GetStdHandle GetFileType 98198->98224 98225 c14c48 LeaveCriticalSection _abort 98200->98225 98201 c14c3d __wsopen_s 98201->98187 98203 c00a95 98202->98203 98204 c00a97 IsProcessorFeaturePresent 98202->98204 98203->98186 98206 c00c5d 98204->98206 98230 c00c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 98206->98230 98208 c00d40 98208->98186 98209->98193 98211 c150bb ___scrt_is_nonwritable_in_current_image 98210->98211 98212 c150c8 98211->98212 98213 c150df 98211->98213 98227 c0f2d9 20 API calls __dosmaperr 98212->98227 98226 c12f5e EnterCriticalSection 98213->98226 98216 c150cd 98228 c127ec 26 API calls __wsopen_s 98216->98228 98218 c15117 98229 c1513e LeaveCriticalSection _abort 98218->98229 98219 c150d7 __wsopen_s 98219->98195 98220 c150eb 98220->98218 98222 c15000 __wsopen_s 21 API calls 98220->98222 98222->98220 98223->98198 98224->98200 98225->98201 98226->98220 98227->98216 98228->98219 98229->98219 98230->98208 98232 c0096c GetStartupInfoW 98231->98232 98232->98168 98234 c04bdb _abort 98233->98234 98235 c04be2 98234->98235 98236 c04bf4 98234->98236 98272 c04d29 GetModuleHandleW 98235->98272 98257 c12f5e EnterCriticalSection 98236->98257 98239 c04be7 98239->98236 98273 c04d6d GetModuleHandleExW 98239->98273 98240 c04c99 98261 c04cd9 98240->98261 98244 c04c70 98248 c04c88 98244->98248 98252 c12421 _abort 5 API calls 98244->98252 98246 c04ce2 98281 c21d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 98246->98281 98247 c04cb6 98264 c04ce8 98247->98264 98253 c12421 _abort 5 API calls 98248->98253 98252->98248 98253->98240 98254 c04bfb 98254->98240 98254->98244 98258 c121a8 98254->98258 98257->98254 98282 c11ee1 98258->98282 98301 c12fa6 LeaveCriticalSection 98261->98301 98263 c04cb2 98263->98246 98263->98247 98302 c1360c 98264->98302 98267 c04d16 98270 c04d6d _abort 8 API calls 98267->98270 98268 c04cf6 GetPEB 98268->98267 98269 c04d06 GetCurrentProcess TerminateProcess 
98268->98269 98269->98267 98271 c04d1e ExitProcess 98270->98271 98272->98239 98274 c04d97 GetProcAddress 98273->98274 98275 c04dba 98273->98275 98278 c04dac 98274->98278 98276 c04dc0 FreeLibrary 98275->98276 98277 c04dc9 98275->98277 98276->98277 98279 c00a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98277->98279 98278->98275 98280 c04bf3 98279->98280 98280->98236 98285 c11e90 98282->98285 98284 c11f05 98284->98244 98286 c11e9c ___scrt_is_nonwritable_in_current_image 98285->98286 98293 c12f5e EnterCriticalSection 98286->98293 98288 c11eaa 98294 c11f31 98288->98294 98292 c11ec8 __wsopen_s 98292->98284 98293->98288 98295 c11f51 98294->98295 98296 c11f59 98294->98296 98297 c00a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98295->98297 98296->98295 98299 c129c8 _free 20 API calls 98296->98299 98298 c11eb7 98297->98298 98300 c11ed5 LeaveCriticalSection _abort 98298->98300 98299->98295 98300->98292 98301->98263 98303 c13631 98302->98303 98304 c13627 98302->98304 98309 c12fd7 5 API calls 2 library calls 98303->98309 98306 c00a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98304->98306 98307 c04cf2 98306->98307 98307->98267 98307->98268 98308 c13648 98308->98304 98309->98308 98310 be2de3 98311 be2df0 __wsopen_s 98310->98311 98312 be2e09 98311->98312 98313 c22c2b ___scrt_fastfail 98311->98313 98314 be3aa2 23 API calls 98312->98314 98315 c22c47 GetOpenFileNameW 98313->98315 98316 be2e12 98314->98316 98317 c22c96 98315->98317 98326 be2da5 98316->98326 98319 be6b57 22 API calls 98317->98319 98321 c22cab 98319->98321 98321->98321 98323 be2e27 98344 be44a8 98323->98344 98327 c21f50 __wsopen_s 98326->98327 98328 be2db2 GetLongPathNameW 98327->98328 98329 be6b57 22 API calls 98328->98329 98330 be2dda 98329->98330 98331 be3598 98330->98331 98332 bea961 22 API calls 98331->98332 98333 be35aa 98332->98333 98334 be3aa2 23 API calls 98333->98334 98335 be35b5 98334->98335 98336 c232eb 98335->98336 98337 be35c0 
98335->98337 98343 c2330d 98336->98343 98379 bfce60 41 API calls 98336->98379 98339 be515f 22 API calls 98337->98339 98340 be35cc 98339->98340 98373 be35f3 98340->98373 98342 be35df 98342->98323 98345 be4ecb 94 API calls 98344->98345 98346 be44cd 98345->98346 98347 c23833 98346->98347 98349 be4ecb 94 API calls 98346->98349 98348 c52cf9 80 API calls 98347->98348 98351 c23848 98348->98351 98350 be44e1 98349->98350 98350->98347 98352 be44e9 98350->98352 98353 c23869 98351->98353 98354 c2384c 98351->98354 98355 c23854 98352->98355 98356 be44f5 98352->98356 98358 bffe0b 22 API calls 98353->98358 98357 be4f39 68 API calls 98354->98357 98381 c4da5a 82 API calls 98355->98381 98380 be940c 136 API calls 2 library calls 98356->98380 98357->98355 98372 c238ae 98358->98372 98361 be2e31 98362 c23862 98362->98353 98363 be4f39 68 API calls 98366 c23a5f 98363->98366 98366->98363 98387 c4989b 82 API calls __wsopen_s 98366->98387 98369 be9cb3 22 API calls 98369->98372 98372->98366 98372->98369 98382 c4967e 22 API calls __fread_nolock 98372->98382 98383 c495ad 42 API calls _wcslen 98372->98383 98384 c50b5a 22 API calls 98372->98384 98385 bea4a1 22 API calls __fread_nolock 98372->98385 98386 be3ff7 22 API calls 98372->98386 98374 be3605 98373->98374 98378 be3624 __fread_nolock 98373->98378 98376 bffe0b 22 API calls 98374->98376 98375 bffddb 22 API calls 98377 be363b 98375->98377 98376->98378 98377->98342 98378->98375 98379->98336 98380->98361 98381->98362 98382->98372 98383->98372 98384->98372 98385->98372 98386->98372 98387->98366

Control-flow Graph
                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 389 be42de-be434d call bea961 GetVersionExW call be6b57 394 c23617-c2362a 389->394 395 be4353 389->395 396 c2362b-c2362f 394->396 397 be4355-be4357 395->397 398 c23632-c2363e 396->398 399 c23631 396->399 400 be435d-be43bc call be93b2 call be37a0 397->400 401 c23656 397->401 398->396 402 c23640-c23642 398->402 399->398 418 be43c2-be43c4 400->418 419 c237df-c237e6 400->419 405 c2365d-c23660 401->405 402->397 404 c23648-c2364f 402->404 404->394 407 c23651 404->407 408 c23666-c236a8 405->408 409 be441b-be4435 GetCurrentProcess IsWow64Process 405->409 407->401 408->409 413 c236ae-c236b1 408->413 411 be4437 409->411 412 be4494-be449a 409->412 415 be443d-be4449 411->415 412->415 416 c236b3-c236bd 413->416 417 c236db-c236e5 413->417 425 be444f-be445e LoadLibraryA 415->425 426 c23824-c23828 GetSystemInfo 415->426 427 c236ca-c236d6 416->427 428 c236bf-c236c5 416->428 421 c236e7-c236f3 417->421 422 c236f8-c23702 417->422 418->405 420 be43ca-be43dd 418->420 423 c23806-c23809 419->423 424 c237e8 419->424 429 c23726-c2372f 420->429 430 be43e3-be43e5 420->430 421->409 432 c23704-c23710 422->432 433 c23715-c23721 422->433 434 c237f4-c237fc 423->434 435 c2380b-c2381a 423->435 431 c237ee 424->431 436 be449c-be44a6 GetSystemInfo 425->436 437 be4460-be446e GetProcAddress 425->437 427->409 428->409 441 c23731-c23737 429->441 442 c2373c-c23748 429->442 439 be43eb-be43ee 430->439 440 c2374d-c23762 430->440 431->434 432->409 433->409 434->423 435->431 443 c2381c-c23822 435->443 438 be4476-be4478 436->438 437->436 444 be4470-be4474 GetNativeSystemInfo 437->444 449 be447a-be447b FreeLibrary 438->449 450 
be4481-be4493 438->450 445 c23791-c23794 439->445 446 be43f4-be440f 439->446 447 c23764-c2376a 440->447 448 c2376f-c2377b 440->448 441->409 442->409 443->434 444->438 445->409 453 c2379a-c237c1 445->453 451 c23780-c2378c 446->451 452 be4415 446->452 447->409 448->409 449->450 451->409 452->409 454 c237c3-c237c9 453->454 455 c237ce-c237da 453->455 454->409 455->409
APIs
• GetVersionExW.KERNEL32(?), ref: 00BE430D
  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
• GetCurrentProcess.KERNEL32(?,00C7CB64,00000000,?,?), ref: 00BE4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00BE4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00BE4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00BE4466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00BE4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00BE447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00BE44A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ed234a70c0955bc80695c7d5317c1711bec988c637a6b3b53d08cc67d7895caf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3d60cf7039667dca41fe9a6acf66eaad76cb13dbdcb73128cbb296f0aca7fc86
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed234a70c0955bc80695c7d5317c1711bec988c637a6b3b53d08cc67d7895caf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68A1B36591A3D0DFCB11C76A7CA139D7FE47B26700F8C4AA9E88193B72F7244648CB21

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 793 be42a2-be42ba CreateStreamOnHGlobal 794 be42bc-be42d3 FindResourceExW 793->794 795 be42da-be42dd 793->795 796 be42d9 794->796 797 c235ba-c235c9 LoadResource 794->797 796->795 797->796 798 c235cf-c235dd SizeofResource 797->798 798->796 799 c235e3-c235ee LockResource 798->799 799->796 800 c235f4-c23612 799->800 800->796
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00BE50AA,?,?,00000000,00000000), ref: 00BE42B2
                                                                                                                                                                                                                                                                                                                                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00BE50AA,?,?,00000000,00000000), ref: 00BE42C9
                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,00BE50AA,?,?,00000000,00000000,?,?,?,?,?,?,00BE4F20), ref: 00C235BE
                                                                                                                                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00BE50AA,?,?,00000000,00000000,?,?,?,?,?,?,00BE4F20), ref: 00C235D3
                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00BE50AA,?,?,00BE50AA,?,?,00000000,00000000,?,?,?,?,?,?,00BE4F20,?), ref: 00C235E6
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f0c4c80e59a1a79612cf6194e20081123b9b550549c0d8228d577e360d8f7cbb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d2d7779c8b68814b1521b62d7d8e79f3d1616fa51a27ed8b81ab42d5ecd16124
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0c4c80e59a1a79612cf6194e20081123b9b550549c0d8228d577e360d8f7cbb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB118E70200741BFDB258B66DC88F2B7BB9EBC5B51F1481ADF516D66A0DB71DC448620

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00BE2B6B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00CB1418,?,00BE2E7F,?,?,?,00000000), ref: 00BE3A78
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,00CA2224), ref: 00C22C10
                                                                                                                                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(00000000,?,?,00CA2224), ref: 00C22C17
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3b0f49338f589a01ac87c26875c661913fbb70685a4e150a2abf42be859d9783
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 36263a1e010e5f32ca568ca780be4532e875b65379068f740f2c6e294e33ef59
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b0f49338f589a01ac87c26875c661913fbb70685a4e150a2abf42be859d9783
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F411D6311083C16AC714FF72D895EBE77E89F91750F5814ADF586170A2DF218A4A8712

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00C4D501
• Process32FirstW.KERNEL32(00000000,?), ref: 00C4D50F
• Process32NextW.KERNEL32(00000000,?), ref: 00C4D52F
• CloseHandle.KERNELBASE(00000000), ref: 00C4D5DC
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 0203ae68d1f7135f9bfd5a34ed65a6dfb320245ffd95624dafab37eae63d9c49
• Instruction ID: c7aaecfa40471205b9f53c6c0a594c3a3b0a52dd0768099c560e72d9d048a1ab
• Opcode Fuzzy Hash: 0203ae68d1f7135f9bfd5a34ed65a6dfb320245ffd95624dafab37eae63d9c49
• Instruction Fuzzy Hash: 2E31B1711083419FD300EF54D881BAFBBE8FF99354F50096DF586821A1EB71AA88CB92

Control-flow Graph (legend: Executed / Not Executed; rendered graph node data omitted)

APIs
• lstrlenW.KERNEL32(?,00C25222), ref: 00C4DBCE
• GetFileAttributesW.KERNELBASE(?), ref: 00C4DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 00C4DBEE
• FindClose.KERNEL32(00000000), ref: 00C4DBFA
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: a79656d34c78b61ded09ef15c55693a769cace17e4175633ea7de6f97fbb7a82
• Instruction ID: 92a36e9ba801b272f0309e9999a822b2e9b083b1be7e9b8a0e36408067ba8b2c
• Opcode Fuzzy Hash: a79656d34c78b61ded09ef15c55693a769cace17e4175633ea7de6f97fbb7a82
• Instruction Fuzzy Hash: DCF0A0308109115783217BB8AC8DAAE377CAF02334B50471AF83AC20F0EBB05AD48695
APIs
• GetCurrentProcess.KERNEL32(00C128E9,?,00C04CBE,00C128E9,00CA88B8,0000000C,00C04E15,00C128E9,00000002,00000000,?,00C128E9), ref: 00C04D09
• TerminateProcess.KERNEL32(00000000,?,00C04CBE,00C128E9,00CA88B8,0000000C,00C04E15,00C128E9,00000002,00000000,?,00C128E9), ref: 00C04D10
• ExitProcess.KERNEL32 ref: 00C04D22
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: ae368dc09307e95e9836094d92d2993661a5935c62da9f688a6cd85174a66c2d
• Instruction ID: 96a144bfef9fa2ae3e58f19556ea628c3700cbfa037a1d00ce62c10574177e5f
• Opcode Fuzzy Hash: ae368dc09307e95e9836094d92d2993661a5935c62da9f688a6cd85174a66c2d
• Instruction Fuzzy Hash: 93E0B671000249BBCF15AF54DD49B9D3F69FB41B95B104018FD199A172CB35DE82DA80

Control-flow Graph (legend: Executed / Not Executed; rendered graph node data omitted)

APIs
• _wcslen.LIBCMT ref: 00C6B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C6B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C6B1D4
• _wcslen.LIBCMT ref: 00C6B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C6B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C6B236
• _wcslen.LIBCMT ref: 00C6B332
  • Part of subcall function 00C505A7: GetStdHandle.KERNEL32(000000F6), ref: 00C505C6
• _wcslen.LIBCMT ref: 00C6B34B
• _wcslen.LIBCMT ref: 00C6B366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C6B3B6
• GetLastError.KERNEL32(00000000), ref: 00C6B407
• CloseHandle.KERNEL32(?), ref: 00C6B439
• CloseHandle.KERNEL32(00000000), ref: 00C6B44A
• CloseHandle.KERNEL32(00000000), ref: 00C6B45C
• CloseHandle.KERNEL32(00000000), ref: 00C6B46E
• CloseHandle.KERNEL32(?), ref: 00C6B4E3
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 429af41459e5ec76338c20892af34133ff0285e00d955700cd69fd595ae90042
• Instruction ID: ce17656235ae3e44a06d3a3fcb87a27114bad1fe9694589bc41f70b211078f22
• Opcode Fuzzy Hash: 429af41459e5ec76338c20892af34133ff0285e00d955700cd69fd595ae90042
• Instruction Fuzzy Hash: 8DF1CD716083409FC724EF25C891B2FBBE4AF85314F14846DF9998B2A2DB30ED85CB52
APIs
• GetInputState.USER32 ref: 00BED807
• timeGetTime.WINMM ref: 00BEDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BEDB28
• TranslateMessage.USER32(?), ref: 00BEDB7B
• DispatchMessageW.USER32(?), ref: 00BEDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BEDB9F
• Sleep.KERNELBASE(0000000A), ref: 00BEDBB1
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 7b621d21d7af624223b5fc016c11e9e36175a7c4909ce38504cf4a367e702032
• Instruction ID: 6181415c6161465e3803ba41f0dd6785feab9720b44a6ed1d58fa8f0977c1591
• Opcode Fuzzy Hash: 7b621d21d7af624223b5fc016c11e9e36175a7c4909ce38504cf4a367e702032
• Instruction Fuzzy Hash: 8142F430608382DFDB24CF26C884B7AB7E0FF45314F5446ADE96687291D7B4E984DB92

Control-flow Graph (rendered graph omitted)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00BE2D07
• RegisterClassExW.USER32(00000030), ref: 00BE2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BE2D42
• InitCommonControlsEx.COMCTL32(?), ref: 00BE2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BE2D6F
• LoadIconW.USER32(000000A9), ref: 00BE2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BE2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 443acc1bfaa4b2c788c49fadc9b653392bcb5a9e7a3f76b56fcd37d5fabe5908
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9f326ecbf3738f3be42ce9936d21867687b0fc4cddda00872fc636e1a9802bee
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 443acc1bfaa4b2c788c49fadc9b653392bcb5a9e7a3f76b56fcd37d5fabe5908
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B21F7B1D01349AFDB00DFA4EC99BDDBBB8FB08701F14821AF915A62A0D7B10584CF91

Control-flow Graph

Basic blocks of the function whose APIs are listed below (node: address range, API calls and subcalls, -> successors). The Executed / Not Executed colouring of the original graph is not preserved in this text export.
• 457: c2065b-c2068b, call c2042f -> 460, 461
• 460: c206a6-c206b2, call c15221 -> 467, 468
• 461: c2068d-c20698, call c0f2c6 -> 466
• 466: c2069a-c206a1, call c0f2d9 -> 477
• 467: c206b4-c206c9, call c0f2c6, call c0f2d9 -> 466
• 468: c206cb-c20714, call c2039a -> 475, 476
• 475: c20781-c2078a, GetFileType -> 481, 482
• 476: c20716-c2071f -> 479, 480
• 477: c2097d-c20983 (no successors)
• 479: c20721-c20725 -> 480, 486
• 480: c20756-c2077c, GetLastError, call c0f2a3 -> 466
• 481: c207d3-c207d6 -> 484, 485
• 482: c2078c-c207bd, GetLastError, call c0f2a3, CloseHandle -> 466, 496
• 484: c207d8-c207dd -> 489
• 485: c207df-c207e5 -> 489, 490
• 486: c20727-c20754, call c2039a -> 475, 480
• 489: c207e9-c20837, call c1516a -> 500, 501
• 490: c207e7 -> 489
• 496: c207c3-c207ce, call c0f2d9 -> 466
• 500: c20847-c2086b, call c2014d -> 507, 508
• 501: c20839-c20845, call c205ab -> 500, 506
• 506: c2086f-c20879, call c186ae -> 477
• 507: c2087e-c208c1 -> 510, 511
• 508: c2086d -> 506
• 510: c208e2-c208f0 -> 514, 515
• 511: c208c3-c208c7 -> 510, 513
• 513: c208c9-c208dd -> 510
• 514: c208f6-c208fa -> 515, 516
• 515: c2097b -> 477
• 516: c208fc-c2092f, CloseHandle, call c2039a -> 519, 520
• 519: c20963-c20977 -> 515
• 520: c20931-c2095d, GetLastError, call c0f2a3, call c15333 -> 519
APIs
  • Part of subcall function 00C2039A: CreateFileW.KERNELBASE(00000000,00000000,?,00C20704,?,?,00000000,?,00C20704,00000000,0000000C), ref: 00C203B7
• GetLastError.KERNEL32 ref: 00C2076F
• __dosmaperr.LIBCMT ref: 00C20776
• GetFileType.KERNELBASE(00000000), ref: 00C20782
• GetLastError.KERNEL32 ref: 00C2078C
• __dosmaperr.LIBCMT ref: 00C20795
• CloseHandle.KERNEL32(00000000), ref: 00C207B5
• CloseHandle.KERNEL32(?), ref: 00C208FF
• GetLastError.KERNEL32 ref: 00C20931
• __dosmaperr.LIBCMT ref: 00C20938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 3b6110ad7aa95be1a1243097bc6c65dd75da52dcf241cb2d0e47e35bdb0ae011
• Instruction ID: cf406549cc10132e79d8418751eb40d831cdf764ddd1ceb54dd9a418045d453c
• Opcode Fuzzy Hash: 3b6110ad7aa95be1a1243097bc6c65dd75da52dcf241cb2d0e47e35bdb0ae011
• Instruction Fuzzy Hash: EDA11832A041188FDF19EF68EC51BAE7BA0AB46320F24015EF8159B3E2D7319D53DB91

Control-flow Graph

APIs
  • Part of subcall function 00BE3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00CB1418,?,00BE2E7F,?,?,?,00000000), ref: 00BE3A78
  • Part of subcall function 00BE3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BE3379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00BE356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00C2318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00C231CE
• RegCloseKey.ADVAPI32(?), ref: 00C23210
• _wcslen.LIBCMT ref: 00C23277
• _wcslen.LIBCMT ref: 00C23286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 78ef865e40e07e4242b4c2cdd4e85b6422197f242eb4ee9031955c530f0c8d86
• Instruction ID: 72d0cf4a467dca1944ebdd60500117299a1dc6b44cdd0f9115349799faa09469
• Opcode Fuzzy Hash: 78ef865e40e07e4242b4c2cdd4e85b6422197f242eb4ee9031955c530f0c8d86
• Instruction Fuzzy Hash: A67158714043419EC314EF66E885AAEBBECFF99740F404A2EF555931B1EB349A48CB62

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00BE2B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00BE2B9D
• LoadIconW.USER32(00000063), ref: 00BE2BB3
• LoadIconW.USER32(000000A4), ref: 00BE2BC5
• LoadIconW.USER32(000000A2), ref: 00BE2BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00BE2BEF
• RegisterClassExW.USER32(?), ref: 00BE2C40
  • Part of subcall function 00BE2CD4: GetSysColorBrush.USER32(0000000F), ref: 00BE2D07
  • Part of subcall function 00BE2CD4: RegisterClassExW.USER32(00000030), ref: 00BE2D31
  • Part of subcall function 00BE2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00BE2D42
  • Part of subcall function 00BE2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00BE2D5F
  • Part of subcall function 00BE2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00BE2D6F
  • Part of subcall function 00BE2CD4: LoadIconW.USER32(000000A9), ref: 00BE2D85
  • Part of subcall function 00BE2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00BE2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: f21a94d3542fe7b8e3d303a59421dd3d350f2bd7b2e275fad75d44e82f3e8d62
• Instruction ID: 1d22e6c496f37a6207adaf4dd69e1c952f97448ecc4c1accad2480a75c7986a4
• Opcode Fuzzy Hash: f21a94d3542fe7b8e3d303a59421dd3d350f2bd7b2e275fad75d44e82f3e8d62
• Instruction Fuzzy Hash: 21212F71E00354ABDB109FA5ECA5BAD7FF4FB48B50F58415AEA04A66B0E7B10940CF90

Control-flow Graph
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00BE316A,?,?), ref: 00BE31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,00BE316A,?,?), ref: 00BE3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00BE3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00BE316A,?,?), ref: 00BE3232
• CreatePopupMenu.USER32 ref: 00BE3246
• PostQuitMessage.USER32(00000000), ref: 00BE3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: a46fbd4a4f88d49a70e806f69959534be7bcb003f7fdeda56d2eee76e758ed56
• Instruction ID: e8afba24972c540351695b0b602629835ba12c955cac7d4e7e600a4d955fc39d
• Opcode Fuzzy Hash: a46fbd4a4f88d49a70e806f69959534be7bcb003f7fdeda56d2eee76e758ed56
• Instruction Fuzzy Hash: 7F416931204280A7DF141B399C9DBBD37D9EB05B41F4802ADFA56971A1DB71CF40D762

Control-flow Graph
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00BE1459
• CoUninitialize.COMBASE ref: 00BE14F8
• UnregisterHotKey.USER32(?), ref: 00BE16DD
• DestroyWindow.USER32(?), ref: 00C224B9
• FreeLibrary.KERNEL32(?), ref: 00C2251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00C2254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: f4a6d75dd3f5302a2624efab16ee978938ab34657d665fd92852a46feae82955
• Instruction ID: b1429f1518026c21e7da26860738bc9cb1e67ce0bece475a67a89cf4c8ef3fa5
• Opcode Fuzzy Hash: f4a6d75dd3f5302a2624efab16ee978938ab34657d665fd92852a46feae82955
• Instruction Fuzzy Hash: 11D18D71701262DFCB29EF19D895A29F7E0BF04700F2486EDE54A6B652CB30AD56CF50

Control-flow Graph

Graph data omitted (rendered control-flow graph). Single block be2c63-be2cd3, calling CreateWindowExW twice and ShowWindow twice.
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00BE2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00BE2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00BE1CAD,?), ref: 00BE2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00BE1CAD,?), ref: 00BE2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: c9c967a5b261ece003ec898ccb4cc16c91507a22a07f94992cdf1e0d9b1b1196
• Instruction ID: f910134bcf29052d0909fa78b246cd7d970a86e6919dc7bf633e13f582641acb
• Opcode Fuzzy Hash: c9c967a5b261ece003ec898ccb4cc16c91507a22a07f94992cdf1e0d9b1b1196
• Instruction Fuzzy Hash: 98F03A755402907AEB301B23AC58F7B2EBDD7C6F51F58411EFE04A21B0E6614840DBB0

Control-flow Graph

Graph data omitted (rendered control-flow graph). Entry block be3b1c; blocks span be3b1c-be3b9b; API calls shown in the graph: RegOpenKeyExW, RegQueryValueExW, RegCloseKey.
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00BE3B0F,SwapMouseButtons,00000004,?), ref: 00BE3B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00BE3B0F,SwapMouseButtons,00000004,?), ref: 00BE3B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00BE3B0F,SwapMouseButtons,00000004,?), ref: 00BE3B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 8cef95d95e79b9ecb082af71cecf4ec17990ae1af179a6cc98b0f34d82be278c
• Instruction ID: aec8a74383dd3589fd4164130e081e40dc2d59cdcfab254bc2c11298c0445ede
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8cef95d95e79b9ecb082af71cecf4ec17990ae1af179a6cc98b0f34d82be278c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8112AB5510248FFDB208FA6DC88AAEB7F8EF44B84B108599E806D7110D3319E4097A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00C233A2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00BE3A04
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9939dac31121ce3b5d3371a6290580d44494bed46adf5c77ce24b4290c42aa42
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4d8c75b7a0d4b704bbfbacaf46f2eae05b9904640988cb18f5378664555efd46
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9939dac31121ce3b5d3371a6290580d44494bed46adf5c77ce24b4290c42aa42
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB31D471408384AAC725EB21DC59BEFB7D8AF40B10F14466EF599830E1EB749B49C7C6
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00C00668
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C032A4: RaiseException.KERNEL32(?,?,?,00C0068A,?,00CB1444,?,?,?,?,?,?,00C0068A,00BE1129,00CA8738,00BE1129), ref: 00C03304
                                                                                                                                                                                                                                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00C00685
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b468bd9c9db186ac10a49346b75d5e6ab24b1bf27842086725f600ee4990360f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: eec95436b15205833f7189803c8f7516c78810c6f0ca447cbc1aad3f2eedc79f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b468bd9c9db186ac10a49346b75d5e6ab24b1bf27842086725f600ee4990360f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48F0C23890060EB7CB00BA65DC46EAE7BADAE00350F704571BA24D65D2EF72EB69D590
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00BE1BF4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00BE1BFC
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00BE1C07
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00BE1C12
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00BE1C1A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00BE1C22
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE1B4A: RegisterWindowMessageW.USER32(00000004,?,00BE12C4), ref: 00BE1BA2
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00BE136A
                                                                                                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32 ref: 00BE1388
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00C224AB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
APIs
  • Part of subcall function 00BE3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00BE3A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00C4C259
• KillTimer.USER32(?,00000001,?,?), ref: 00C4C261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C4C270
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,00C185CC,?,00CA8CC8,0000000C), ref: 00C18704
• GetLastError.KERNEL32(?,00C185CC,?,00CA8CC8,0000000C), ref: 00C1870E
• __dosmaperr.LIBCMT ref: 00C18739
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
APIs
• TranslateMessage.USER32(?), ref: 00BEDB7B
• DispatchMessageW.USER32(?), ref: 00BEDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00BEDB9F
• Sleep.KERNELBASE(0000000A), ref: 00BEDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00C31CC9
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 00BF17F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                                • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c2e38a7a527ea54f524c264217cc326297d1547d8b06190f48460f7f38997934
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 50b1732d6e0365a358a9c638740dfc3cb7bdff9769b5d21a75430dd1825eb6bc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2e38a7a527ea54f524c264217cc326297d1547d8b06190f48460f7f38997934
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C227970608245EFC714DF18C480A3ABBF1AF95354F248DADF69A8B361D731E949CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00C22C8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BE3A97,?,?,00BE2E7F,?,?,?,00000000), ref: 00BE3AC2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00BE2DC4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: aac4da5f9061142edfab8a0c3f8bea34bacaf8f75bc2bad07060c1ce5a9d228c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5676a0b1d74e256cd45db0dd4d607e272d43bbf598afa99172d59626fc61d551
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aac4da5f9061142edfab8a0c3f8bea34bacaf8f75bc2bad07060c1ce5a9d228c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2321D570A00298AFDF01DF95C849BEE7BFCAF49304F048059E515A7241DBB45A898FA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00BE3908
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8567401e3f312cab94e1a7e7f446f25d7bfbca2983c348c52e038f3234922034
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b78ba7e1d720bc75385c58a631e0a3fe83cf3d6177ea229f95ff56198deaf971
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8567401e3f312cab94e1a7e7f446f25d7bfbca2983c348c52e038f3234922034
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5F31A2705043419FD720DF25D8997ABBBF8FB49708F04096EFA9A83290E771AA44CB52
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00BFF661
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BED730: GetInputState.USER32 ref: 00BED807
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00C3F2DE
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: faa6a62de48e9e7e25c7528410794b72a1722b70685123788bee9b97b167f20a
• Instruction ID: ce27500876c156d927471390ca057b58f3a08539bc4eb4788eabeab7b3c27010
• Opcode Fuzzy Hash: faa6a62de48e9e7e25c7528410794b72a1722b70685123788bee9b97b167f20a
• Instruction Fuzzy Hash: 22F08C31240206AFD314EF7AD499F6AB7E8EF55760F00006DE95EC7360DB70A840CB90
APIs
  • Part of subcall function 00BE4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BE4EDD,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E9C
  • Part of subcall function 00BE4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00BE4EAE
  • Part of subcall function 00BE4E90: FreeLibrary.KERNEL32(00000000,?,?,00BE4EDD,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4EFD
  • Part of subcall function 00BE4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C23CDE,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E62
  • Part of subcall function 00BE4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00BE4E74
  • Part of subcall function 00BE4E59: FreeLibrary.KERNEL32(00000000,?,?,00C23CDE,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E87
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 0ee6bef91fb3060c508d78474c6a4acba794779f4f484153924befc31b508680
• Instruction ID: 1d0f69e1fe4c89b9ff552ee3ca3512c0380f825a27434c8bb0ddb4290d695a00
• Opcode Fuzzy Hash: 0ee6bef91fb3060c508d78474c6a4acba794779f4f484153924befc31b508680
• Instruction Fuzzy Hash: 0D11E332600345AACB24BB66DC42FED77E5AF40B11F20886DF546A61C2EF749A459790
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: 2c082c948b042b59b2aa9a2000f13cdaad35b430195e820d4d376013a70ccc72
• Instruction ID: fb35436efea6fff28b9e5ca110eed4c3ed2d679afb731cca5829b933fd14e962
• Opcode Fuzzy Hash: 2c082c948b042b59b2aa9a2000f13cdaad35b430195e820d4d376013a70ccc72
• Instruction Fuzzy Hash: 6911487190810AAFCB05DF58E940ADE7BF5EF49300F104059F808AB312DA30DA25DBA4
APIs
  • Part of subcall function 00C14C7D: RtlAllocateHeap.NTDLL(00000008,00BE1129,00000000,?,00C12E29,00000001,00000364,?,?,?,00C0F2DE,00C13863,00CB1444,?,00BFFDF5,?), ref: 00C14CBE
• _free.LIBCMT ref: 00C1506C
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: 14b0be41705ea20163abe889ecb3cd747a43da9050fdcbb616fb3847b51210d7
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 48012B722047049BE3218E5598819DAFBE8FBCA370F25051DE194832C0E630A946D6B4
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: df9bbdbd990614f5e01e5072d2eff8af9082a073959f8c81a3f16ca58b12996b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19F0F432510A1896DA313A6AAC05B9A339C9F53335F100B19F421931D2CF719946E6A5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,00BE1129,00000000,?,00C12E29,00000001,00000364,?,?,?,00C0F2DE,00C13863,00CB1444,?,00BFFDF5,?), ref: 00C14CBE
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 213ba7cbc4c5fdd554fbf1f9972a20f3d3b294debdabf28444f28ab438fd78a9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8020acc6da25493ed26eb66e9b1545884957a2dab6b646979d1d186721241738
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 213ba7cbc4c5fdd554fbf1f9972a20f3d3b294debdabf28444f28ab438fd78a9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40F0E93160222467DB295F7A9C29BDB3788BF537E0B144125BC29A62D0CA30D991B6E0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6,?,00BE1129), ref: 00C13852
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 13acefb5307cad99c59863e5d35f9fe28083ef7ef5948c595af1fb9e9df07650
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 93c7a6a62f0beccc0c0b603c59dbdaac3be309d78eedbbcb543570e9979f81bd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 13acefb5307cad99c59863e5d35f9fe28083ef7ef5948c595af1fb9e9df07650
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCE0E5311002A596F73127779C04BDB3748AB437B8F054126BD28968D0DB10DF81B1F0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4F6D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 47bc6fc5ba4a3a6b2d00896a66718221658e7b4669c0c68ffddc8ee51d0cccd2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e7239d9a1081e7ab70f7a6ce0ca6249139f80420495405a8ecb96d425d29901f
• Opcode Fuzzy Hash: 47bc6fc5ba4a3a6b2d00896a66718221658e7b4669c0c68ffddc8ee51d0cccd2
• Instruction Fuzzy Hash: 38F01C71105792CFDB349F66D494916BBE4EF1471931089BEE1DE82511C7359C44DB90

APIs
• IsWindow.USER32(00000000), ref: 00C72A66
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: a9296a87f395cd5f2f601afb6e93026400495a1e78af016e7f27e4c645fbdacb
• Instruction ID: 1404679099578233e2b27ad1f15fe70e75514190776840197f2a5c7687600ac6
• Opcode Fuzzy Hash: a9296a87f395cd5f2f601afb6e93026400495a1e78af016e7f27e4c645fbdacb
• Instruction Fuzzy Hash: 1BE04F36750116AAC714EA31EC85AFE775CEB503A5B10853ABC2AD2140DB309A95A6A0

APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 00BE314E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: ce663518d8facb270059a901a4078065a9e34b58f54e6baa277ae7850f1b85e1
• Instruction ID: 290a8c7e43104af4399855607d11a959a97b9cefa29089a1b6bb656369d8b34c
• Opcode Fuzzy Hash: ce663518d8facb270059a901a4078065a9e34b58f54e6baa277ae7850f1b85e1
• Instruction Fuzzy Hash: 56F037709143549FE7529B24DC4A7D97BFCA701708F1401E9A64897191E7745788CF51

APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00BE2DC4
  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 2afa22851543c2e744b5628ac5f8e661f336be56f495d71c758b502ac675aa1f
• Instruction ID: f27cbf9d005855e0b82467eab7af315f4d95ed2036b006513c4063fbc74b241e
• Opcode Fuzzy Hash: 2afa22851543c2e744b5628ac5f8e661f336be56f495d71c758b502ac675aa1f
• Instruction Fuzzy Hash: 5CE0CD726001245BC710D6989C06FDA77DDDFC87D0F0400B5FD09D7258DA60ADC08550

APIs
  • Part of subcall function 00BE3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00BE3908
  • Part of subcall function 00BED730: GetInputState.USER32 ref: 00BED807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00BE2B6B
  • Part of subcall function 00BE30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00BE314E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 09be2a5bc91738bfb40a396b620b6501583fa5eb2765504a8af81ea6a812a98e
• Instruction ID: 91d25e3f3649e3d93c5d019b638105e5f16142c6db8e9df5229aa42a235c4f6a
• Opcode Fuzzy Hash: 09be2a5bc91738bfb40a396b620b6501583fa5eb2765504a8af81ea6a812a98e
• Instruction Fuzzy Hash: BAE026213002C407CB04BB32A86A6ADB3C98BD1751F8009BEF14243163CF2149894311
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,00000000,?,00C20704,?,?,00000000,?,00C20704,00000000,0000000C), ref: 00C203B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 8300e53e612b69c89513623bd6c810cc65c3484a55dc1f406292d4614088ba34
• Instruction ID: 7542d89a31d85abe2e91900ef203b88eda21c91e21f8c11b0be5175b67a4ba4f
• Opcode Fuzzy Hash: 8300e53e612b69c89513623bd6c810cc65c3484a55dc1f406292d4614088ba34
• Instruction Fuzzy Hash: 2ED06C3204010DBBDF028F84DD46EDE3BAAFB48714F014050BE1856020C732E861AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00BE1CBC
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 7ddc16c500c3ccf158fbbf024b50df97373d168c31dfece912c821813b4f2bad
• Instruction ID: 7da9a6e0d591f53b1bd04ecf708d212e14e5e181c4e9acda415510150e626028
• Opcode Fuzzy Hash: 7ddc16c500c3ccf158fbbf024b50df97373d168c31dfece912c821813b4f2bad
• Instruction Fuzzy Hash: 75C09236280305AFF3248B80BC9AF2877A4A348B00F488101FA0DA95F3D3A22860FB50
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00C7961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C7965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00C7969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C796C9
• SendMessageW.USER32 ref: 00C796F2
• GetKeyState.USER32(00000011), ref: 00C7978B
• GetKeyState.USER32(00000009), ref: 00C79798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C797AE
• GetKeyState.USER32(00000010), ref: 00C797B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C797E9
• SendMessageW.USER32 ref: 00C79810
• SendMessageW.USER32(?,00001030,?,00C77E95), ref: 00C79918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00C7992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00C79941
• SetCapture.USER32(?), ref: 00C7994A
• ClientToScreen.USER32(?,?), ref: 00C799AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00C799BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C799D6
• ReleaseCapture.USER32 ref: 00C799E1
• GetCursorPos.USER32(?), ref: 00C79A19
• ScreenToClient.USER32(?,?), ref: 00C79A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00C79A80
• SendMessageW.USER32 ref: 00C79AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00C79AEB
• SendMessageW.USER32 ref: 00C79B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00C79B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00C79B4A
• GetCursorPos.USER32(?), ref: 00C79B68
• ScreenToClient.USER32(?,?), ref: 00C79B75
• GetParent.USER32(?), ref: 00C79B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00C79BFA
• SendMessageW.USER32 ref: 00C79C2B
• ClientToScreen.USER32(?,?), ref: 00C79C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00C79CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00C79CDE
• SendMessageW.USER32 ref: 00C79D01
• ClientToScreen.USER32(?,?), ref: 00C79D4E
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00C79D82
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9944: GetWindowLongW.USER32(?,000000EB), ref: 00BF9952
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C79E05
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4d34751e87b3484a4aa8156e54b0c7191c33e079154214ce24f63d4365bae5d4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c094e2197551288da6fb69309137e5859f84e3475d6296878b4f096e7f0aded4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d34751e87b3484a4aa8156e54b0c7191c33e079154214ce24f63d4365bae5d4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA428B74604641AFDB24CF28CC84BAABBF5FF49360F14861DFAAD872A1D731A950CB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00C748F3
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00C74908
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00C74927
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00C7494B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00C7495C
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00C7497B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00C749AE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00C749D4
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00C74A0F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00C74A56
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00C74A7E
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00C74A97
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C74AF2
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C74B20
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C74B94
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00C74BE3
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00C74C82
                                                                                                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00C74CAE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C74CC9
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00C74CF1
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00C74D13
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C74D33
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 00C74D5A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bc35484f8e3502cf5e0aa35c4be5f744b84560484d35e3d1b89a2e4cec45d255
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 611ea1e60d451e6ee38b277d68c079b6b1418dec8f03e3d9a1c4de9546f94222
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc35484f8e3502cf5e0aa35c4be5f744b84560484d35e3d1b89a2e4cec45d255
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C12D071600219ABEB298F69CC89FBE7BF8EF45710F108169F52ADB1E1D7749A40CB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00BFF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C3F474
• IsIconic.USER32(00000000), ref: 00C3F47D
• ShowWindow.USER32(00000000,00000009), ref: 00C3F48A
• SetForegroundWindow.USER32(00000000), ref: 00C3F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00C3F4AA
• GetCurrentThreadId.KERNEL32 ref: 00C3F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00C3F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00C3F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00C3F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00C3F4DE
• SetForegroundWindow.USER32(00000000), ref: 00C3F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00C3F4F6
• keybd_event.USER32(00000012,00000000), ref: 00C3F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00C3F50B
• keybd_event.USER32(00000012,00000000), ref: 00C3F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00C3F519
• keybd_event.USER32(00000012,00000000), ref: 00C3F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00C3F528
• keybd_event.USER32(00000012,00000000), ref: 00C3F52D
• SetForegroundWindow.USER32(00000000), ref: 00C3F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00C3F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: c666e778a43b9562c983e5ddd71e4d884e46fd90e6600bf9df96a696fca9b940
• Instruction ID: 423c5959e3d92d88c80796138b8d7770929d945398852b3c071c7d340d08ee12
• Opcode Fuzzy Hash: c666e778a43b9562c983e5ddd71e4d884e46fd90e6600bf9df96a696fca9b940
• Instruction Fuzzy Hash: F0317271E50219BBEB206BB55C8AFBF7E6CEB44B50F10046DFA04EA1D1C6B15D41AA60
APIs
  • Part of subcall function 00C416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C4170D
  • Part of subcall function 00C416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C4173A
  • Part of subcall function 00C416C3: GetLastError.KERNEL32 ref: 00C4174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00C41286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00C412A8
• CloseHandle.KERNEL32(?), ref: 00C412B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00C412D1
• GetProcessWindowStation.USER32 ref: 00C412EA
• SetProcessWindowStation.USER32(00000000), ref: 00C412F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00C41310
  • Part of subcall function 00C410BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C411FC), ref: 00C410D4
  • Part of subcall function 00C410BF: CloseHandle.KERNEL32(?,?,00C411FC), ref: 00C410E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 1334da7daa70856e1663704ef3d0cb6c3a93e931cfe19010d0529af477862509
• Instruction ID: ab8f00d7f5c84fdbd7d3b1dad98f3f7c26df85aaba0e26410201481b0f891ffb
• Opcode Fuzzy Hash: 1334da7daa70856e1663704ef3d0cb6c3a93e931cfe19010d0529af477862509
• Instruction Fuzzy Hash: 95818C71900209AFDF219FA4DC89FEE7BB9FF04704F184129FE64A61A0D7749A84CB60
APIs
  • Part of subcall function 00C410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C41114
  • Part of subcall function 00C410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41120
  • Part of subcall function 00C410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C4112F
  • Part of subcall function 00C410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41136
  • Part of subcall function 00C410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C4114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C40BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C40C00
• GetLengthSid.ADVAPI32(?), ref: 00C40C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00C40C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C40C6D
• GetLengthSid.ADVAPI32(?), ref: 00C40C84
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C40C8C
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00C40C93
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C40CB4
                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00C40CBB
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C40CEA
                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C40D0C
                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C40D1E
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40D45
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00C40D4C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40D55
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00C40D5C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40D65
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00C40D6C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00C40D78
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00C40D7F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C41193: GetProcessHeap.KERNEL32(00000008,00C40BB1,?,00000000,?,00C40BB1,?), ref: 00C411A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C41193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C40BB1,?), ref: 00C411A8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C41193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C40BB1,?), ref: 00C411B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0d0025cd1e01c2573cc122a6020e0b5d07d03e30b84d7f7a230efcd3a52c989e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2d8e1980813b57ad8b3380462653f9bf09df90dedb498589d44eb531c9a1ed5a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d0025cd1e01c2573cc122a6020e0b5d07d03e30b84d7f7a230efcd3a52c989e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C714F7294020AABDF10DFE4DC84FAEBBB8BF44310F144529EA19A6191D775AA45CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00C7CC08), ref: 00C5EB29
                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 00C5EB37
                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000D), ref: 00C5EB43
                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00C5EB4F
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00C5EB87
                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00C5EB91
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00C5EBBC
                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 00C5EBC9
                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(00000001), ref: 00C5EBD1
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00C5EBE2
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00C5EC22
                                                                                                                                                                                                                                                                                                                                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 00C5EC38
                                                                                                                                                                                                                                                                                                                                                                                • GetClipboardData.USER32(0000000F), ref: 00C5EC44
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00C5EC55
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00C5EC77
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C5EC94
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00C5ECD2
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00C5ECF3
                                                                                                                                                                                                                                                                                                                                                                                • CountClipboardFormats.USER32 ref: 00C5ED14
                                                                                                                                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 00C5ED59
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8dba75339432f137f7412765b71866ffef8d415a721d3eb46b0213a8a2a3289c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bc3fa917f66220126f325e0477e7e8f993e9acce1e9ed00b15d0016f131eff7b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8dba75339432f137f7412765b71866ffef8d415a721d3eb46b0213a8a2a3289c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AF61D1382042429FD314EF25C889F2E77E8EF84745F14455DF85A972A2CB31DE89CBA6
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00C569BE
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C56A12
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C56A4E
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C56A75
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C56AB2
                                                                                                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 00C56ADF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9b04db9a04b7a8c229c3fac5d34ec0693e96fcf2bf81bc692a2bac0f5d637da2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dd62d2db4785a420271f9e28ad3dea6c5c65c8131e5288fabfe2f921127e37e0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9b04db9a04b7a8c229c3fac5d34ec0693e96fcf2bf81bc692a2bac0f5d637da2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91D16271508340AFC310EB65C881EAFB7ECAF98704F44495DF999C7192EB74DA49C762
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00C59663
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00C596A1
                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 00C596BB
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00C596D3
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C596DE
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00C596FA
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00C5974A
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00CA6B7C), ref: 00C59768
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C59772
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C5977F
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C5978F
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: df35ae86bbdb47210607518c695244c908cdadc000cc33c507250d025f2fbfe2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c36cd4a84e3e8be2a13a768f203b79367da11874fab13338d56e3ef8e4b9ab4d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df35ae86bbdb47210607518c695244c908cdadc000cc33c507250d025f2fbfe2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F231A73554161AAFDB149FB4DC49BDE77ACDF09361F1441A6F819E20A0DB34DAC88E14
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00C597BE
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00C59819
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C59824
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00C59840
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00C59890
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00CA6B7C), ref: 00C598AE
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C598B8
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C598C5
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C598D5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00C4DB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
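The region names in the Memory Dump Source list follow a fixed dotted layout. The Python below is an added example written for this page, not part of the Joe Sandbox report or its tooling. It decodes only the fields this page lets us check: the first two fields match the snapshot name hcaresult_0_2_be0000 (process 0, dump 2), and the sixteen-digit field is the region base that matches the Offset. It assumes the fifth field is the Windows page protection and the seventh the MEMORY_BASIC_INFORMATION region type, because the values 0x20, 0x02, 0x04 and 0x01000000 line up exactly with PAGE_EXECUTE_READ, PAGE_READONLY, PAGE_READWRITE and MEM_IMAGE for a mapped PE; the remaining fields are kept as undecoded strings. Placing a call-site address in a region further assumes the listed regions are contiguous.

```python
"""Decode Joe Sandbox .sdmp region names (added example, not report tooling)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows page-protection values from winnt.h. Assumption: the fifth dotted
# field of an .sdmp name is the region's protection (0x20, 0x02, 0x04 on this page).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# Region types from MEMORY_BASIC_INFORMATION.Type. Assumption: the seventh field.
MEM_TYPE = {0x1000000: "MEM_IMAGE", 0x40000: "MEM_MAPPED", 0x20000: "MEM_PRIVATE"}

SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\."
    r"(?P<type>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class Region:
    name: str
    process_index: int   # first field; 0 is file.exe, as in hcaresult_0_2_be0000
    dump_index: int      # second field; 2 matches the same snapshot name
    base: int            # region base; the code region on this page is 0xBE1000
    protect: int
    mem_type: int
    undecoded: tuple     # fields whose meaning this page does not let us confirm

    @property
    def protect_name(self) -> str:
        main = PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:02x}")
        mods = [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([main] + mods)

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)   # any of the four PAGE_EXECUTE* bits


def parse_sdmp(name: str) -> Region:
    m = SDMP_RE.match(name.strip())
    if not m:
        raise ValueError(f"not an .sdmp region name: {name!r}")
    return Region(
        name=name.strip(),
        process_index=int(m["proc"], 16),
        dump_index=int(m["dump"], 16),
        base=int(m["base"], 16),
        protect=int(m["protect"], 16),
        mem_type=int(m["type"], 16),
        undecoded=(m["seq"], m["f6"], m["f8"]),
    )


def region_for(regions: List[Region], addr: int) -> Optional[Region]:
    """Locate the region holding addr. Assumption: the listed regions are
    contiguous, so each ends where the next begins; the last is open-ended."""
    ordered = sorted(regions, key=lambda r: r.base)
    for i, r in enumerate(ordered):
        end = ordered[i + 1].base if i + 1 < len(ordered) else None
        if addr >= r.base and (end is None or addr < end):
            return r
    return None


def executable_regions(regions: List[Region]) -> List[Region]:
    return [r for r in regions if r.executable]


# Constructed input: the six region names this record lists for process 0, dump 2.
REGION_NAMES = [
    "00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp",
]
REGIONS = [parse_sdmp(n) for n in REGION_NAMES]

if __name__ == "__main__":
    for r in sorted(REGIONS, key=lambda r: r.base):
        print(f"{r.base:#010x}  {r.protect_name:<22} {r.mem_type_name}")
    # 00C6C998 is the subcall function named in this record's APIs list.
    hit = region_for(REGIONS, 0x00C6C998)
    print(f"00C6C998 -> region {hit.base:#x} ({hit.protect_name})")
```

Only one of the six regions carries an execute bit, and every ref: address in the function records on this page falls inside it, which is the quick sanity check an analyst wants before trusting that a record's call sites belong to the dump it is attached to.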
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 8ada48ab97a7194165d50efa6846d43f5eabbda64875f6b7f7cd3131a03b6230
• Instruction ID: 400ee5f98c56b3db60d49cd125a28480823ab040467bd287155a294dd9c480c1
• Opcode Fuzzy Hash: 8ada48ab97a7194165d50efa6846d43f5eabbda64875f6b7f7cd3131a03b6230
• Instruction Fuzzy Hash: C731C73550121AABDB14AFB4EC48BDE77ACDF06325F1441A5E824A21E1DB30DAC8DB24
APIs
  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6BF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00C6BFA9
• RegCloseKey.ADVAPI32(00000000), ref: 00C6BFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C6C02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C6C0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00C6C23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C6C382
• RegCloseKey.ADVAPI32(00000000), ref: 00C6C38F
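Each APIs line names one call site: an optional "Part of subcall function" prefix for calls lifted from a callee, the API and the module it was resolved in, an argument list in which "?" marks a value the sandbox could not resolve statically, and the call-site address after ref:. The Python below is an added example, not code from the report. It parses the fifteen lines of the registry-reading record above (embedded verbatim as constructed input), separates the function's own calls from those inherited from subcall 00C6C998, orders them by call site and pulls out the resolved literal arguments. The regex is an assumption about the listing format inferred from the lines on this page.

```python
"""Parse the APIs lines of a Joe Sandbox function record (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed line format, inferred from this page:
#   • [Part of subcall function <addr>: ]<Api>.<MODULE>[(<args>)][,] ref: <addr>
API_LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[Optional[int], ...]   # None where the report printed '?'
    ref: int                          # call-site address
    parent: Optional[int]             # subcall function this line was lifted from

    @property
    def inherited(self) -> bool:
        return self.parent is not None

    @property
    def literal_args(self) -> List[Tuple[int, int]]:
        """(position, value) for the arguments the sandbox resolved statically."""
        return [(i, v) for i, v in enumerate(self.args) if v is not None]


def _parse_args(raw: Optional[str]) -> Tuple[Optional[int], ...]:
    if raw is None:            # line had no parenthesised argument list
        return ()
    out = []
    for tok in raw.split(","):
        tok = tok.strip()
        if tok:
            out.append(None if tok == "?" else int(tok, 16))
    return tuple(out)


def parse_api_listing(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = API_LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line.strip()!r}")
        calls.append(ApiCall(
            api=m["api"], module=m["module"], args=_parse_args(m["args"]),
            ref=int(m["ref"], 16),
            parent=int(m["parent"], 16) if m["parent"] else None,
        ))
    return calls


def module_histogram(calls: List[ApiCall], include_inherited: bool = False) -> Counter:
    return Counter(c.module for c in calls if include_inherited or not c.inherited)


def own_call_sequence(calls: List[ApiCall]) -> List[str]:
    """The function's own calls ordered by call site, roughly control-flow order."""
    return [c.api for c in sorted(calls, key=lambda c: c.ref) if not c.inherited]


def refs_outside(calls: List[ApiCall], lo: int, hi: int) -> List[int]:
    """Call sites outside [lo, hi); anything here means the record does not
    belong to the dump region it is attached to."""
    return [c.ref for c in calls if not lo <= c.ref < hi]


# Constructed input: the fifteen API lines of the registry-reading record above.
LISTING = """\
  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6BF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00C6BFA9
• RegCloseKey.ADVAPI32(00000000), ref: 00C6BFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C6C02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C6C0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00C6C23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00C6C2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C6C382
• RegCloseKey.ADVAPI32(00000000), ref: 00C6C38F
"""
CALLS = parse_api_listing(LISTING)

if __name__ == "__main__":
    print("own calls:", " -> ".join(own_call_sequence(CALLS)))
    print("modules (own):", dict(module_histogram(CALLS)))
    print("modules (incl. subcalls):", dict(module_histogram(CALLS, include_inherited=True)))
    for c in CALLS:
        if c.literal_args:
            print(f"{c.ref:08X} {c.api}: literal args {c.literal_args}")
```

Sorting by ref: rather than taking lines in listing order matters: the subcall lines sit at higher addresses than the function's own calls, and the report prints them first, so the printed order is not the order an analyst reads the disassembly in.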
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: c0a12924530c7a7db02fd5032e628537aeda7a37646f2bb62dffe71570eff281
• Instruction ID: dae0c5571f14e571d3f5d45cb71dc582a8ce79c8a133f1a096799c4ff71bc3e0
• Opcode Fuzzy Hash: c0a12924530c7a7db02fd5032e628537aeda7a37646f2bb62dffe71570eff281
• Instruction Fuzzy Hash: 01023C716042409FC724DF29C8D5E2ABBE5EF49304F1884ADF89ACB2A2DB31ED45CB51
APIs
• GetLocalTime.KERNEL32(?), ref: 00C58257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00C58267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C58273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C58310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C58324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C58356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C5838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C58395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 3ffdbc6a5d9fb50dec2791771befddae0c98685b67c86848390386009e0320e4
• Instruction ID: 8d6e54ef769226442ad078330e45ce7339cd39e12f76d45211573b6d1ea31a17
• Opcode Fuzzy Hash: 3ffdbc6a5d9fb50dec2791771befddae0c98685b67c86848390386009e0320e4
• Instruction Fuzzy Hash: 2D617C755043459FC710EF60C880AAFB3E8FF89314F04895DF99997261DB31EA89CB96
APIs
  • Part of subcall function 00BE3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BE3A97,?,?,00BE2E7F,?,?,?,00000000), ref: 00BE3AC2
  • Part of subcall function 00C4E199: GetFileAttributesW.KERNEL32(?,00C4CF95), ref: 00C4E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00C4D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00C4D1DD
• MoveFileW.KERNEL32(?,?), ref: 00C4D1F0
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00C4D20D
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00C4D237
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00C4D21C,?,?), ref: 00C4D2B2
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00C4D253
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C4D264
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 0749821f25df218192f7bde64746816b09c90859c114ae383062138e318d2740
• Instruction ID: 35041fccde6ce421b79c70feae81da7a9d40947b5e843c80332e229ef8844ace
• Opcode Fuzzy Hash: 0749821f25df218192f7bde64746816b09c90859c114ae383062138e318d2740
• Instruction Fuzzy Hash: 19618D3180114DABCF15FBE1CA92AEDB7B9BF55300F2440A9E412771A2EB306F49DB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 37ce90ad9d2bdb91a4c04b0ac7df19a587c46ead4631348dc3de22279f03d7d6
• Instruction ID: e5b7d8a483c8cf10ab64fc5efdc02cccb5bac41c692a9fa862d2cfb2a8504e4e
• Opcode Fuzzy Hash: 37ce90ad9d2bdb91a4c04b0ac7df19a587c46ead4631348dc3de22279f03d7d6
• Instruction Fuzzy Hash: A941D039204612AFD724DF15D889F19BBE5FF44319F14C09DE8298B6A2C771EE86CB90
APIs
  • Part of subcall function 00C416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C4170D
  • Part of subcall function 00C416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C4173A
  • Part of subcall function 00C416C3: GetLastError.KERNEL32 ref: 00C4174A
• ExitWindowsEx.USER32(?,00000000), ref: 00C4E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: d26adf9960e9dc706fe08a3ef2789ba9ecf7a17fd941b9df117a80ab898e2140
• Instruction ID: 38b8cf0c82b076962a2ca6650b0917db393b5680d06e834ddd53d6bb13e31d6b
• Opcode Fuzzy Hash: d26adf9960e9dc706fe08a3ef2789ba9ecf7a17fd941b9df117a80ab898e2140
• Instruction Fuzzy Hash: 5101F973610211ABEB6426B59CC6FFF729CB724750F1A4825FC53E21E2D6A15D809290
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00C61276
• WSAGetLastError.WSOCK32 ref: 00C61283
• bind.WSOCK32(00000000,?,00000010), ref: 00C612BA
• WSAGetLastError.WSOCK32 ref: 00C612C5
• closesocket.WSOCK32(00000000), ref: 00C612F4
• listen.WSOCK32(00000000,00000005), ref: 00C61303
• WSAGetLastError.WSOCK32 ref: 00C6130D
• closesocket.WSOCK32(00000000), ref: 00C6133C
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bc54bcfd2718ed80a7cfb839d9bda8200acdae8fa5381c9b2e8bc790cc382fad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7ebc39fefe9c27f0c585f2ece6ed6ab2a86169ca8ad0d20db26b0df16117edb0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc54bcfd2718ed80a7cfb839d9bda8200acdae8fa5381c9b2e8bc790cc382fad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90417F316001419FD720DF25C4D4B2ABBE5AF46319F1C819CD86A8F2E6C771ED85CBA1
APIs
• _free.LIBCMT ref: 00C1B9D4
• _free.LIBCMT ref: 00C1B9F8
• _free.LIBCMT ref: 00C1BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C83700), ref: 00C1BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00CB121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00C1BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00CB1270,000000FF,?,0000003F,00000000,?), ref: 00C1BC36
• _free.LIBCMT ref: 00C1BD4B
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 0caff144655ba8cef566e73f72c41f2070af950ddca152ff4c9bdb7c3a0280e0
• Instruction ID: 2a5b7e3195398a31c961f99afa69b4454ba7dbff0f5353548d6ad62b36bee19f
• Opcode Fuzzy Hash: 0caff144655ba8cef566e73f72c41f2070af950ddca152ff4c9bdb7c3a0280e0
• Instruction Fuzzy Hash: CCC1E671904205AFDB249F69D851BEEBBB8EF43310F58419AE4A4D7291DB309E81FF90
APIs
  • Part of subcall function 00BE3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BE3A97,?,?,00BE2E7F,?,?,?,00000000), ref: 00BE3AC2
  • Part of subcall function 00C4E199: GetFileAttributesW.KERNEL32(?,00C4CF95), ref: 00C4E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00C4D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00C4D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00C4D481
• FindClose.KERNEL32(00000000), ref: 00C4D498
• FindClose.KERNEL32(00000000), ref: 00C4D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: ecf4564c29d782b7aa75ed02f6511046efd8f8e058ebecf0ca14baf31fc89d1b
• Instruction ID: 4c225f0237e6a9a4cdcb01667f649a3b1348ef068773a63537dedb18019dba9d
• Opcode Fuzzy Hash: ecf4564c29d782b7aa75ed02f6511046efd8f8e058ebecf0ca14baf31fc89d1b
• Instruction Fuzzy Hash: F6318E310083819BC310FF65C8959AFB7E8BE91304F445E5DF4E6931A2EB30AA49CB63
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
APIs
• _wcslen.LIBCMT ref: 00C564DC
• CoInitialize.OLE32(00000000), ref: 00C56639
• CoCreateInstance.OLE32(00C7FCF8,00000000,00000001,00C7FB68,?), ref: 00C56650
• CoUninitialize.OLE32 ref: 00C568D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00C622E8
  • Part of subcall function 00C5E4EC: GetWindowRect.USER32(?,?), ref: 00C5E504
• GetDesktopWindow.USER32 ref: 00C62312
• GetWindowRect.USER32(00000000), ref: 00C62319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00C62355
• GetCursorPos.USER32(?), ref: 00C62381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00C623DF
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00C59B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00C59C8B
  • Part of subcall function 00C53874: GetInputState.USER32 ref: 00C538CB
  • Part of subcall function 00C53874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C53966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00C59BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00C59C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 44b7ca8c0d501839487024d211e382e361efd556200eb6576bee94f2c4da650d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8a8a1e3e5152a77a3a0b30d1a769b9e2643824ecfcae4727adc58c92bffc037a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44b7ca8c0d501839487024d211e382e361efd556200eb6576bee94f2c4da650d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A41507590424ADFDF14DF64C889AEEBBF8EF05311F244199E815A2191EB30AF88CF64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00BF9A4E
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00BF9B23
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00BF9B36
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 90b4d1477d65da775a7b8dd47279a3e9b815fe336676ab3a005b4d4682b82b74
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d1efc213f57165ffa63cbb4774c805a6f4e94a7fa526e7d020c9d8fb29e8ac18
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90b4d1477d65da775a7b8dd47279a3e9b815fe336676ab3a005b4d4682b82b74
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1A12BB0118448BEE739AA3D8CD9F7F26DDDB82340F15434AF722D7592CA259E09D271
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C6307A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6304E: _wcslen.LIBCMT ref: 00C6309B
                                                                                                                                                                                                                                                                                                                                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00C6185D
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00C61884
                                                                                                                                                                                                                                                                                                                                                                                • bind.WSOCK32(00000000,?,00000010), ref: 00C618DB
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00C618E6
                                                                                                                                                                                                                                                                                                                                                                                • closesocket.WSOCK32(00000000), ref: 00C61915
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6026855a3c62744b31d8bbe73eb2c05ca78332f59fd597c15229b6e467f55ed1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3e657ca7206ec9d5ac160557f69c3975ffaffb3d1a86df79a22d89dba427866d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6026855a3c62744b31d8bbe73eb2c05ca78332f59fd597c15229b6e467f55ed1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10519371A002109FD720AF25C8C6F6A77E5AF48718F18849CF9199F3D3D771AD418BA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 009f0431418013f8f763910252f7ab84149d4b41c314f35fbe38137a76a894fb
• Instruction ID: ec7cab6e00de3e406713f86682589f95553a75098078eaf6fbdeec74511d7da1
• Opcode Fuzzy Hash: 009f0431418013f8f763910252f7ab84149d4b41c314f35fbe38137a76a894fb
• Instruction Fuzzy Hash: 3621BF317402115FD7228F6EC884B2A7BE5EF95324B1DC06CE85E8B251CB71EE42CB90
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: d99cc5cb024f5112ea64940133d4f573404b556d62fef46839e90823c082084d
• Instruction ID: 15a08707881ab4706395176d46b9800076b59bcbbf276a66ef03286b77c51292
• Opcode Fuzzy Hash: d99cc5cb024f5112ea64940133d4f573404b556d62fef46839e90823c082084d
• Instruction Fuzzy Hash: 29A28170E0066ACBDF24CF59D9807AEB7F1FF54310F2481A9D829A7684DB749E81DB50
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00C4AAAC
• SetKeyboardState.USER32(00000080), ref: 00C4AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00C4AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00C4AB88
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: cb26ca37a65bf1fe1bb1664bd3e82fd5feae4b73dd12ba56489d1294e6a7322c
• Instruction ID: 9735b9ea4545f1014da6323043176547aad9d8e44c5fb16585089d195eab4ff1
• Opcode Fuzzy Hash: cb26ca37a65bf1fe1bb1664bd3e82fd5feae4b73dd12ba56489d1294e6a7322c
• Instruction Fuzzy Hash: 8D311470AC0218AFFB35CA658C45BFA7BA6FB44320F04421AF5A5961D0D3758A81D762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00C5CE89
• GetLastError.KERNEL32(?,00000000), ref: 00C5CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00C5CEFE
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 76f05929411fd134cc3a2a2c40514516b02354cab87c19518f9fdd139b934362
• Instruction ID: 4bde1e45fbb0e4f84cd895b211c274fd26540c6e1e868d8936b314c1491bb41a
• Opcode Fuzzy Hash: 76f05929411fd134cc3a2a2c40514516b02354cab87c19518f9fdd139b934362
• Instruction Fuzzy Hash: A121C1755003059FD720CFA5C98ABAB77FCEB10315F10441EE956E2151E7B0EE88DB58
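The APIs lists are the part of these function records a triage analyst actually reads: the GetKeyboardState / SetKeyboardState / PostMessageW / SendInput chain is what keystroke simulation looks like at the API level (0x0102 is WM_CHAR, and a cbSize of 0x1C is sizeof(INPUT) for a 32-bit process), and InternetReadFile with a 0x400-byte buffer followed by GetLastError and SetEvent is a download read loop. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses records written in the report's own line layout (the two API lists above are embedded as constructed input), decodes the arguments worth noticing, and flags capability chains. The capability names, the per-call notes and the record keys are this script's own assumptions, not Joe Sandbox identifiers.

```python
"""Parse the "APIs" lists of Joe Sandbox function records and flag
capability chains.  Added example, not part of the Joe Sandbox report;
capability names and the decoding notes are this script's own assumptions."""
import re

# Constructed input: the two API lists from the records above, keyed by the
# first bytes of each record's Opcode ID, in the report's own line layout.
SAMPLE_RECORDS = {
    "cb26ca37": """
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00C4AAAC
• SetKeyboardState.USER32(00000080), ref: 00C4AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00C4AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00C4AB88
""",
    "76f05929": """
• InternetReadFile.WININET(?,?,00000400,?), ref: 00C5CE89
• GetLastError.KERNEL32(?,00000000), ref: 00C5CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00C5CEFE
""",
}

# One report line: "• Api.MODULE(arg,arg,...), ref: ADDRESS"
API_RE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Window messages worth decoding when they appear as the uMsg argument.
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR"}

# Capability -> APIs that must all occur in one function (assumed names).
CAPABILITIES = {
    "read_keyboard_state": {"GetKeyboardState"},
    "simulate_keystrokes": {"SetKeyboardState", "SendInput"},
    "inject_window_message": {"PostMessageW"},
    "wininet_read": {"InternetReadFile"},
}


def parse_arg(token):
    """'?' means the static analyzer could not resolve the value."""
    token = token.strip()
    return None if token in ("", "?") else int(token, 16)


def parse_apis(text):
    """Return [{'api', 'module', 'args', 'ref'}] for every API line in text."""
    calls = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        raw = m.group("args").strip()
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [parse_arg(t) for t in raw.split(",")] if raw else [],
            "ref": int(m.group("ref"), 16),
        })
    return calls


def annotate(call):
    """Decode the arguments an analyst would look at first."""
    a = call["args"]
    if (call["api"] == "PostMessageW" and len(a) >= 3
            and a[1] in WINDOW_MESSAGES and a[2] is not None):
        return f"posts {WINDOW_MESSAGES[a[1]]} with wParam=0x{a[2]:x}"
    if call["api"] == "SendInput" and len(a) >= 3 and a[2] == 0x1C:
        return "cbSize 0x1C == sizeof(INPUT) for a 32-bit process"
    if call["api"] == "InternetReadFile" and len(a) >= 3 and a[2] is not None:
        return f"reads the response in 0x{a[2]:x}-byte chunks"
    return ""


def match_capabilities(calls):
    """Names of every capability whose required APIs all appear in calls."""
    seen = {c["api"] for c in calls}
    return sorted(name for name, needed in CAPABILITIES.items() if needed <= seen)


def analyze(records):
    """Map record id -> capabilities and per-call notes (empty notes dropped)."""
    out = {}
    for rid, text in records.items():
        calls = parse_apis(text)
        notes = {f"{c['api']}@{c['ref']:08X}": annotate(c) for c in calls}
        out[rid] = {
            "capabilities": match_capabilities(calls),
            "notes": {k: v for k, v in notes.items() if v},
        }
    return out


if __name__ == "__main__":
    for rid, result in analyze(SAMPLE_RECORDS).items():
        print(rid, result["capabilities"])
        for key, note in result["notes"].items():
            print("   ", key, "->", note)
```

Feed it the APIs lists of further records to see which functions cluster into the same capability; unresolved arguments are kept as None rather than guessed, so a note is only emitted when the report actually resolved the constant.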
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00C482AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ($|
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a25428378bf1290aae56eaba0a25e2780ee26a4e4a90cf3e724f7fd42e19b7ad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4231feacaf76b8b0bef5ade7c5575991aff5d0c480a415cfea98bdcd6162ff7c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a25428378bf1290aae56eaba0a25e2780ee26a4e4a90cf3e724f7fd42e19b7ad
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF322675A007059FCB28CF59C481A6AB7F0FF48710B15C56EE5AADB3A1EB70E981CB44
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00C55CC1
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00C55D17
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00C55D5F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f36bb8467ff2f81c322cdba14331600ea92468044c04afc683d81d5b329b238c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cb36c4d7149bad818d4fbce29a9f0095553d9a0b6551014b363b7af39a851ce8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f36bb8467ff2f81c322cdba14331600ea92468044c04afc683d81d5b329b238c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20517A79604A019FC714CF28C4A4A9AB7F4FF49314F14855DE96A8B3A2CB30FD89CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00C1271A
                                                                                                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C12724
                                                                                                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00C12731
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fb2f159f6d24f5f5e2070d1bf5cc67eb2e4f521a9af5f9f7b2f8580475b050b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bda8a3f995f435fcc19760aa57915696dc02d8b0b919bf271a8d8ea19f6c276f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb2f159f6d24f5f5e2070d1bf5cc67eb2e4f521a9af5f9f7b2f8580475b050b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4531B5749112189BCB21DF68DC897DDB7B8AF08310F5041EAE41CA72A1E7349F819F45
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00C551DA
                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00C55238
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00C552A1
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: e2393effa97cd45215e9076a405c9fb11776698d8d1179abae87a872ee76aea8
• Instruction ID: 58b1886ec838b2998168203746dadc0a48fae197e999ed732a47c469c07ea65b
• Opcode Fuzzy Hash: e2393effa97cd45215e9076a405c9fb11776698d8d1179abae87a872ee76aea8
• Instruction Fuzzy Hash: 2D314B75A005199FDB00DF55D894FADBBF4FF49314F048099E809AB3A2DB31E99ACB90
APIs
  • Part of subcall function 00BFFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00C00668
  • Part of subcall function 00BFFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00C00685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C4170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C4173A
• GetLastError.KERNEL32 ref: 00C4174A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 9baa454d88bab7021fbb8e7f48ed334046a9931a9c2a9571a74b2b98a650a405
• Instruction ID: 04c8af72c0321d611505cc97ebe6d9684dba67c5d012b11f5faa6a70c89410f1
• Opcode Fuzzy Hash: 9baa454d88bab7021fbb8e7f48ed334046a9931a9c2a9571a74b2b98a650a405
• Instruction Fuzzy Hash: 6E11BFB2400209AFD7189F54DCC6E7EB7F9FF04714B24852EE49653251EB70BC818A60
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C4D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00C4D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C4D650
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: b45f01209babf6b3cc3a39109c2d47f2130bde8257a37cb83b55c4449ffb1880
• Instruction ID: 1e4370cdd3984fc2f406d067df030999b9904ee73ef99fc3ce7bad1fbc4c25d7
• Opcode Fuzzy Hash: b45f01209babf6b3cc3a39109c2d47f2130bde8257a37cb83b55c4449ffb1880
• Instruction Fuzzy Hash: C1118E71E01228BFDB108F99DC85FEFBBBCEB45B60F108125F918E7290C2704A018BA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00C4168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00C416A1
• FreeSid.ADVAPI32(?), ref: 00C416B1
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: f76c3a407e2bbf6c4e50e861cec537a27e4d84e857420cd12f0e03fcf6a29d34
• Instruction ID: 8f6346bb8eacea4fe0caf236c39dc05e5dd5d2bd88b0bb6faada45172f5a0ebf
• Opcode Fuzzy Hash: f76c3a407e2bbf6c4e50e861cec537a27e4d84e857420cd12f0e03fcf6a29d34
• Instruction Fuzzy Hash: E5F0F471950309FBDB00DFE4DC89EAEBBBCFB08604F504565E901E2181E774AA848BA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: /
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 816b67ef790e210d6ca7d746a38e99f6af7d999c73255ce17754a9dc3157d2e6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e57b451ab0716e552416534bc9d9105e776311498f1b1e7eaca2e94cde38542a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 816b67ef790e210d6ca7d746a38e99f6af7d999c73255ce17754a9dc3157d2e6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69413876540219AFCB249FB9CC89EFB7778EB86314F5042A9F925C7190E6309EC1EB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00C3D28C
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4e24794bf645d0f1d5ca4cd83400f2719caf8091cc32141875f34f680227607a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 991cf90f7ead468b09ea7e14a26ee29f73ed1c931bc209de020e7ea08f324eeb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e24794bf645d0f1d5ca4cd83400f2719caf8091cc32141875f34f680227607a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15D0C9B481111DEACF90CBA0ECC8EDEB7BCBB04305F100195F506A2000DB3095488F10
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: edeff0d68a9f2f7b9864ece8539eb9dada001a3a8827fc7cd4d897b56893594c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B020C71E002199BDF14CFA9D8C06ADFBF5EF48314F25826AD929E7384D731AA41CB94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00C56918
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00C56961
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3292ac4b70f0ed5c9843c6f61be9147e65189c819b8600688c1f36968020d133
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 649263030775894b4195484c4a72980ac425e630a67656ba5373dda789524aec
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3292ac4b70f0ed5c9843c6f61be9147e65189c819b8600688c1f36968020d133
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CC11D3356042019FC710CF2AD484A16BBE0FF84329F44C69DE8698F3A2CB30EC49CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00C64891,?,?,00000035,?), ref: 00C537E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00C64891,?,?,00000035,?), ref: 00C537F4
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 63e2cddf4906f48706de56ee0e1355138cfa041878c31f68ae5e25761c518b4a
• Instruction ID: dce6b63b70f57bc3974d5847042408846eaff7032ae22236de096763762c471c
• Opcode Fuzzy Hash: 63e2cddf4906f48706de56ee0e1355138cfa041878c31f68ae5e25761c518b4a
• Instruction Fuzzy Hash: B5F0EC746042256AE71057765D8DFDB369DDFC47A1F000165F919D22D1D9605984C7B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00C4B25D
• keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00C4B270
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: b0a5463e4cd15af27267ae057936dd7e59020e7d01a8eb57cbc0338eb4941d5a
• Instruction ID: 181373e455960b7d2876569c2110cd782bcfcbc593fb95bc3b4fd1e07ac38471
• Opcode Fuzzy Hash: b0a5463e4cd15af27267ae057936dd7e59020e7d01a8eb57cbc0338eb4941d5a
• Instruction Fuzzy Hash: 1FF01D7180424EABDB159FA1C805BAE7BB4FF04305F008009F965A5192D779C6519F94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C411FC), ref: 00C410D4
• CloseHandle.KERNEL32(?,?,00C411FC), ref: 00C410E9
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: c218af40bf56668284a0820fd4c6a6658ee10f1ccb8a3c634775cc86eebd6dc2
• Instruction ID: 10590a129cb3f05744931d88d8fc10588f7e89ab81604177ddb58bb6f13ce0b2
• Opcode Fuzzy Hash: c218af40bf56668284a0820fd4c6a6658ee10f1ccb8a3c634775cc86eebd6dc2
• Instruction Fuzzy Hash: C5E0BF72014611AEF7252B51FC45F7777E9FF04320B14886DF5A5814B1DB626CD4DB50
Strings
• Variable is not of type 'Object'., xrefs: 00C30C40
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
• Opcode ID: ae152f52f7222e78ba63c20fc2208a0cbc52c9d26948c3f0bc0dacf4150cac1e
• Instruction ID: 3ae74b063fdcd07ebd5f3fc03c21fc964047d885781bd7864dd4f19b018a8487
• Opcode Fuzzy Hash: ae152f52f7222e78ba63c20fc2208a0cbc52c9d26948c3f0bc0dacf4150cac1e
• Instruction Fuzzy Hash: 76328B71910258DFCF14DF91D891AEDBBF5FF04304F2080A9E816AB292D735AE4ACB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C16766,?,?,00000008,?,?,00C1FEFE,00000000), ref: 00C16998
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 655e46fead92986dfaf1e846f0e4bd25116a7500c3eb0f75c7095c6323f71781
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a22164a08ce084b32a2e76484fec16ec2fd92fad89556758319e130cdc17e536
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 655e46fead92986dfaf1e846f0e4bd25116a7500c3eb0f75c7095c6323f71781
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CB12B31510609DFE715CF28C486BA57BE0FF46364F298658E8A9CF2E2C735DA91DB40
                                                                                                                                                                                                                                                                                                                                                                                Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: b44dbcb073718065c28a22d9de16fa4cb2ac76c07a399ba47d39ab794a7f7354
• Instruction ID: 0427d0ec519f261cd9dfa56e7e8338d846150f41986560999f4461eccfcd4929
• Opcode Fuzzy Hash: b44dbcb073718065c28a22d9de16fa4cb2ac76c07a399ba47d39ab794a7f7354
• Instruction Fuzzy Hash: BA125E719102299BDB54CF58C980AFEB7F5FF48710F14819AE949EB251EB309E89CF90
APIs
• BlockInput.USER32(00000001), ref: 00C5EABD
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: ff772216678a84b7a0207f2e42fd4f514fa8e28e4b09cadc0684603a02c650c8
• Instruction ID: e617c144dd8235608afcbeb355a255285ff23e308d1cda5334e39d3f8d7c24f9
• Opcode Fuzzy Hash: ff772216678a84b7a0207f2e42fd4f514fa8e28e4b09cadc0684603a02c650c8
• Instruction Fuzzy Hash: 16E04F352102049FC710EF6AD844E9AFBEDBF98760F00845AFD4AC7351DB70E9858B90
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00C003EE), ref: 00C009DA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 218e8337a0b869191a286323416d63245c6b3e90b3a479204d18acf19e8681ff
• Instruction ID: 02e8b7bcbf5f407775b8133321c59f2dd7af74ba5387a93ca32bc0d1ad6273da
• Opcode Fuzzy Hash: 218e8337a0b869191a286323416d63245c6b3e90b3a479204d18acf19e8681ff
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 8d8ecaf23c03ada1e37b4e8651dca51d9181ffd3ce86910e9bc556c6e1554561
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 40518C71F0C7455BDF3C8669895D7BE23899B42300F188709D8A6E72C2C615FF45E362
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 046a34c57ac39b82582f980a585e4c8540a63f6633883ca1e0cea789c81cb849
• Instruction ID: 4dba00b5c23bfacae5045b4251a812a45159d5c042d6e724c34710a6b952d97c
• Opcode Fuzzy Hash: 046a34c57ac39b82582f980a585e4c8540a63f6633883ca1e0cea789c81cb849
• Instruction Fuzzy Hash: 5B323432D29F014DD7239634CC26339A699AFB73C5F15C737E82AB5AA5EB28C5C35204
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d66ac9e54ea8b58b547f701a783e40b09156521bd773f37f3afcfe1b5ccc4961
• Instruction ID: 21b1aefcbb264c1efa29fc192f41bf93e789cca6f0cd8bffc5115ba4c5ffd2d6
• Opcode Fuzzy Hash: d66ac9e54ea8b58b547f701a783e40b09156521bd773f37f3afcfe1b5ccc4961
• Instruction Fuzzy Hash: F7324B31A1015D8BCF28CF29C5D467DBBE1EF45304F28856AE969EB292D330DE85DB41
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9fefb834a2dcdc81ee51caedf3bb4bbf3c6e1e894f46669fc946c1097bfe46ae
• Instruction ID: 4f11398b7cd35b4113b8900965a0c2d5d558efecd4797e2eece5d1cae111ab68
• Opcode Fuzzy Hash: 9fefb834a2dcdc81ee51caedf3bb4bbf3c6e1e894f46669fc946c1097bfe46ae
• Instruction Fuzzy Hash: D422E470A0465ADFDF14CF65D881AAEB3F5FF44300F204669E812E76A1EB36AE15CB50
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 00ebaea266e8c5409af70447500c174b6d183b59f5070020c88fc54eca712abf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4bb99df9beeacccd9b73553d3bc8c597e4d62ae7fbcc8a2e09f623879025d9db
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00ebaea266e8c5409af70447500c174b6d183b59f5070020c88fc54eca712abf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B02D7B0E0011AEBDF04DF55D881BAEB7F1FF44300F1081A9E916AB291EB31AE55DB95
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cab8a43438c477b0f102f0d75ff568f4e75aa1bb8fd7e90d6194dec623f482b2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 321d0caf178d92a08f957c4e23e9bdb525d51867642b225df23e257d675f1d10
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cab8a43438c477b0f102f0d75ff568f4e75aa1bb8fd7e90d6194dec623f482b2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 72B1D230D2AF814DD2239639883133AB65C6FBB6D5F91E71BFC2674D62EB2185834244
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ef11f6e14bf3d579bca23a54dc8238cc3c6d97fa88ac6c9d8c0b4ee81a6ef14d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF9158726081A34ADB2A463E857407EFFE15A923A171E079DDCF2CA1C5FE14DA54D620
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 938c863323c3e1bea0bb1d5ed05fb6027f7e490e5d64c1831a40dabed2fac83d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3C9157722091A349DB6D477A857803EFFE15A923A131E079ED8F2CB1C5EE24CB54E620
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: aa15e9e830b3dc49d5b5cde504039063023b21d7217c5d8205c311bdd308c12e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 779124722090E34EDB6D467A857403EFFE15A923A271E079ED8F2CA1C5FE24D754E620
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dcfe012c5a29bc00f4e08fe5f30b1c2679c647aa1f1b4800afcc0dc158b0d177
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 512ade1f528523e015924a226a95fdde68a402f7c711fd631043a02042edfafa
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcfe012c5a29bc00f4e08fe5f30b1c2679c647aa1f1b4800afcc0dc158b0d177
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95616631F0874967EE3C9A2888A5BBE3394DF41700F105B1AE893CB2C1DA51BF42E765
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a2f3c6608c6c655118c0daecf270d3b07dfd66e449139b3ee47e8fbff32be7b3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f46a5e90d156cf0b2b53d159f33caf8bb0e65173a647df49604586cd0e8cf229
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2f3c6608c6c655118c0daecf270d3b07dfd66e449139b3ee47e8fbff32be7b3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94617A71E087096ADE3C4A288895BBF2398EF42700F104B59E9A3DB6C1DA12FF46D355
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 51e7fbe5a6ebde81c1f5324556ab50f9b6c24794f80b4d14f2f572deea0e4e62
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A8175326090A34EDB6D467E857443EFFE15A923A131E479DD8F2CB1C1EE24C754E620
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 22960d7805f1879f8434e3e99e4612a322a0eed74900141a1abc300075900319
• Instruction ID: 33521f4e22c52982da86f3901b4ba7f7e2227b6946b113026334f088053e04c0
• Opcode Fuzzy Hash: 22960d7805f1879f8434e3e99e4612a322a0eed74900141a1abc300075900319
• Instruction Fuzzy Hash: 7621B7326216118BDB28CF79C82377E73E5A794310F158A2EE4A7C77D0DE35A944CB84
APIs
• DeleteObject.GDI32(00000000), ref: 00C62B30
• DeleteObject.GDI32(00000000), ref: 00C62B43
• DestroyWindow.USER32 ref: 00C62B52
• GetDesktopWindow.USER32 ref: 00C62B6D
• GetWindowRect.USER32(00000000), ref: 00C62B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00C62CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00C62CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62CF8
• GetClientRect.USER32(00000000,?), ref: 00C62D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C62D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D80
• GlobalLock.KERNEL32(00000000), ref: 00C62D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D98
• GlobalUnlock.KERNEL32(00000000), ref: 00C62DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62DA8
• GlobalFree.KERNEL32(00000000), ref: 00C62DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00C7FC38,00000000), ref: 00C62DDB
• GlobalFree.KERNEL32(00000000), ref: 00C62DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00C62E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00C62E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C6303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 7de0f9b0b9d9d8f272341ed103bd95d9262eb934ef7fda1a2861ca714a54d536
• Instruction ID: 73e58752dd50592fa079597b4817d7b2156bfe89bc387d57732a1ec3d9bd8cd0
• Opcode Fuzzy Hash: 7de0f9b0b9d9d8f272341ed103bd95d9262eb934ef7fda1a2861ca714a54d536
• Instruction Fuzzy Hash: D2024971900215AFDB24DFA4CC89FAE7BB9EF48711F048158F919AB2A1DB74AD41CB60
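The function block above is a plain list of call sites, and triage usually means turning such lists into something a script can reason about: which modules are hit, whether a known ordered chain (here CreateFileW → ReadFile → CreateStreamOnHGlobal → OleLoadPicture, the AutoIt picture-loading routine) is present, and what the hex arguments mean. The following Python parser is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own code; the sample input is copied from the API lines above and embedded so it runs offline. It does not reproduce the vendor's "API ID" or fuzzy-hash derivation, which is Joe Sandbox's own and not documented on this page. The decoded constants (GENERIC_READ, OPEN_EXISTING, GMEM_MOVEABLE, STM_SETIMAGE) are the documented Win32 values for the argument positions in the real prototypes; the pattern name FILE_TO_OLE_PICTURE and the function names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample input: API-reference lines copied from the function block
# above (the routine that reads a file and hands it to OleLoadPicture), plus
# two "Part of subcall" lines from the next block, embedded so this runs offline.
SAMPLE_LINES = """\
• DestroyWindow.USER32 ref: 00C62B52
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62CF8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C62D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D80
• GlobalLock.KERNEL32(00000000), ref: 00C62D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62D98
• GlobalUnlock.KERNEL32(00000000), ref: 00C62DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62DA8
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C62DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00C7FC38,00000000), ref: 00C62DDB
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00C62E30
  • Part of subcall function 00C773E8: GetSysColor.USER32(00000012), ref: 00C77421
  • Part of subcall function 00C773E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C77471
"""

# One report line: optional "Part of subcall function <addr>:" prefix,
# Api.MODULE, optional "(args)", then "ref: <call-site address>".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # callee address when the line is "Part of subcall"


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse the bullet lines of a Joe Sandbox 'APIs' block; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16), sub))
    return calls


# Documented Win32 values at argument positions of the real prototypes. The report
# prints more stack slots than an API takes (CloseHandle has one parameter but
# shows ten), so only positions inside the prototype are ever decoded.
KNOWN_ARGS: Dict[str, Dict[int, Dict[int, str]]] = {
    "CreateFileW": {1: {0x80000000: "GENERIC_READ"}, 4: {3: "OPEN_EXISTING"}},
    "GlobalAlloc": {0: {0x0002: "GMEM_MOVEABLE"}},
    "SendMessageW": {1: {0x0172: "STM_SETIMAGE"}},
}


def annotate(call: ApiCall) -> Dict[int, str]:
    """Map argument index -> symbolic constant where the value is known."""
    names = {}
    for idx, table in KNOWN_ARGS.get(call.api, {}).items():
        if idx >= len(call.args):
            continue
        try:
            value = int(call.args[idx], 16)
        except ValueError:      # "?" means the plugin could not resolve the slot
            continue
        if value in table:
            names[idx] = table[value]
    return names


def find_sequence(calls: Iterable[ApiCall], names: Tuple[str, ...]) -> bool:
    """True if the top-level calls contain `names` as an ordered subsequence."""
    wanted = iter(names)
    target = next(wanted, None)
    for c in calls:
        if c.subcall_of is None and target is not None and c.api == target:
            target = next(wanted, None)
    return target is None


# Ordered chain seen in the block above: file read into a movable global block,
# wrapped in an IStream, then decoded by OleLoadPicture. Name chosen for this example.
FILE_TO_OLE_PICTURE = ("CreateFileW", "GetFileSize", "GlobalAlloc", "GlobalLock",
                       "ReadFile", "GlobalUnlock", "CreateStreamOnHGlobal", "OleLoadPicture")


def summarize(calls: List[ApiCall]) -> dict:
    return {
        "calls": sum(c.subcall_of is None for c in calls),
        "subcalls": sum(c.subcall_of is not None for c in calls),
        "subcall_parents": sorted({c.subcall_of for c in calls if c.subcall_of is not None}),
        "modules": dict(Counter(c.module for c in calls)),
        "patterns": {"file_to_ole_picture": find_sequence(calls, FILE_TO_OLE_PICTURE)},
        "decoded": {f"{c.api}@{c.ref:08X}": annotate(c) for c in calls if annotate(c)},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_api_lines(SAMPLE_LINES)).items():
        print(key, value)
```

Two caveats when applying this to a full report: the argument values are whatever the plugin read from the stack, so a "?" or a value past the prototype's arity carries no meaning, and an ordered chain such as FILE_TO_OLE_PICTURE is only evidence that the code path exists in the binary, not that it executed during the run.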
APIs
• SetTextColor.GDI32(?,00000000), ref: 00C7712F
• GetSysColorBrush.USER32(0000000F), ref: 00C77160
• GetSysColor.USER32(0000000F), ref: 00C7716C
• SetBkColor.GDI32(?,000000FF), ref: 00C77186
• SelectObject.GDI32(?,?), ref: 00C77195
• InflateRect.USER32(?,000000FF,000000FF), ref: 00C771C0
• GetSysColor.USER32(00000010), ref: 00C771C8
• CreateSolidBrush.GDI32(00000000), ref: 00C771CF
• FrameRect.USER32(?,?,00000000), ref: 00C771DE
• DeleteObject.GDI32(00000000), ref: 00C771E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00C77230
• FillRect.USER32(?,?,?), ref: 00C77262
• GetWindowLongW.USER32(?,000000F0), ref: 00C77284
  • Part of subcall function 00C773E8: GetSysColor.USER32(00000012), ref: 00C77421
  • Part of subcall function 00C773E8: SetTextColor.GDI32(?,?), ref: 00C77425
  • Part of subcall function 00C773E8: GetSysColorBrush.USER32(0000000F), ref: 00C7743B
  • Part of subcall function 00C773E8: GetSysColor.USER32(0000000F), ref: 00C77446
  • Part of subcall function 00C773E8: GetSysColor.USER32(00000011), ref: 00C77463
  • Part of subcall function 00C773E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C77471
  • Part of subcall function 00C773E8: SelectObject.GDI32(?,00000000), ref: 00C77482
  • Part of subcall function 00C773E8: SetBkColor.GDI32(?,00000000), ref: 00C7748B
  • Part of subcall function 00C773E8: SelectObject.GDI32(?,?), ref: 00C77498
  • Part of subcall function 00C773E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00C774B7
  • Part of subcall function 00C773E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C774CE
  • Part of subcall function 00C773E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00C774DB
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d77b8ef76b9208e104a98b840617ee34b55297ea3e35d434cc6f1f25d2548eeb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c87331ba099d5920108bb90dc568df295bf78768c8c1e2e9d87b198952704420
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d77b8ef76b9208e104a98b840617ee34b55297ea3e35d434cc6f1f25d2548eeb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53A18F72008306EFD7109F60DC88B6E7BA9FB49321F108B1DF96A961A1D771E984DB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?,?), ref: 00BF8E14
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 00C36AC5
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00C36AFE
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00C36F43
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BF8BE8,?,00000000,?,?,?,?,00BF8BBA,00000000,?), ref: 00BF8FC5
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053), ref: 00C36F7F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00C36F96
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C36FAC
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 00C36FB7
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5c50e7603476dd2d6fb7b17fb374a40ac796acfa4f070780d3ea500cf0e56fc2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 932f9a3ba038faed1212fc90a71d2a7d4582792454e5e4b5011ca304a7ba2b2a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c50e7603476dd2d6fb7b17fb374a40ac796acfa4f070780d3ea500cf0e56fc2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5112CE30610241EFDB25CF24D894BBAB7E1FB48300F5885A9F5A98B261CB31ED95DF91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 00C6273E
                                                                                                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C6286A
                                                                                                                                                                                                                                                                                                                                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00C628A9
                                                                                                                                                                                                                                                                                                                                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00C628B9
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00C62900
                                                                                                                                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00C6290C
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00C62955
                                                                                                                                                                                                                                                                                                                                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00C62964
                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00C62974
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00C62978
                                                                                                                                                                                                                                                                                                                                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00C62988
                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C62991
                                                                                                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 00C6299A
                                                                                                                                                                                                                                                                                                                                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00C629C6
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 00C629DD
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00C62A1D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00C62A31
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 00C62A42
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00C62A77
                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 00C62A82
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00C62A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00C62A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 349a1e5ec1357549c4cc0d7b3aefdbd2213589880ae1fb3dff0a60dc4c45b204
• Instruction ID: 3778bc278b3c13ca1d317ecd31ec97a254eea80adce7f9a46bf392baa34c8108
• Opcode Fuzzy Hash: 349a1e5ec1357549c4cc0d7b3aefdbd2213589880ae1fb3dff0a60dc4c45b204
• Instruction Fuzzy Hash: 62B16D71A00605AFEB24DF69DC89FAE7BF9EB08710F148158F915E72A0DB74AD40CB90
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00C54AED
• GetDriveTypeW.KERNEL32(?,00C7CB68,?,\\.\,00C7CC08), ref: 00C54BCA
• SetErrorMode.KERNEL32(00000000,00C7CB68,?,\\.\,00C7CC08), ref: 00C54D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 4677bfb710b2f24c5bdf538e143cfc5a5fe0017c20a4b2a069629b9cfab52799
• Instruction ID: 84043586baae8e4b3182ee419bae269892fa5ff24af75ebef4a9a41a687c773a
• Opcode Fuzzy Hash: 4677bfb710b2f24c5bdf538e143cfc5a5fe0017c20a4b2a069629b9cfab52799
• Instruction Fuzzy Hash: 7961E538605106EBCB0CDF25C981D6C77B1EB8534EB288065FC16AB291DB31EEC9DB49
APIs
• GetSysColor.USER32(00000012), ref: 00C77421
• SetTextColor.GDI32(?,?), ref: 00C77425
• GetSysColorBrush.USER32(0000000F), ref: 00C7743B
• GetSysColor.USER32(0000000F), ref: 00C77446
• CreateSolidBrush.GDI32(?), ref: 00C7744B
• GetSysColor.USER32(00000011), ref: 00C77463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C77471
• SelectObject.GDI32(?,00000000), ref: 00C77482
• SetBkColor.GDI32(?,00000000), ref: 00C7748B
• SelectObject.GDI32(?,?), ref: 00C77498
• InflateRect.USER32(?,000000FF,000000FF), ref: 00C774B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C774CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 00C774DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C7752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00C77554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00C77572
• DrawFocusRect.USER32(?,?), ref: 00C7757D
• GetSysColor.USER32(00000011), ref: 00C7758E
• SetTextColor.GDI32(?,00000000), ref: 00C77596
• DrawTextW.USER32(?,00C770F5,000000FF,?,00000000), ref: 00C775A8
• SelectObject.GDI32(?,?), ref: 00C775BF
• DeleteObject.GDI32(?), ref: 00C775CA
• SelectObject.GDI32(?,?), ref: 00C775D0
• DeleteObject.GDI32(?), ref: 00C775D5
• SetTextColor.GDI32(?,?), ref: 00C775DB
• SetBkColor.GDI32(?,?), ref: 00C775E5
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 6125716c2901a786365c24c9101d8da76377fb01440c3c72fa85a6171bb5eb1e
• Instruction ID: 8100e8b38d14b8348e760b687120dbe75b01cf809d990a32525554ff797026d4
• Opcode Fuzzy Hash: 6125716c2901a786365c24c9101d8da76377fb01440c3c72fa85a6171bb5eb1e
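The function blocks above are a text export of Joe Sandbox's per-function listing: an "APIs" list of call sites (API.module(args), ref: address), an optional "Strings" list, the memory-dump source, and the similarity fields (API ID, String ID, fuzzy hashes). When triaging a report with hundreds of these blocks it is faster to parse them than to scroll. The following parser is an added example written for this page; it is not Joe Sandbox code. The SAMPLE text is constructed in the layout of the blocks above (the DriveType block mirrors the one just shown; the second block, its addresses and the zeroed hash are made up), and the SUSPECT_APIS table is an assumed mapping from the report's signature names to APIs that commonly trigger them, not Joe Sandbox's own rule set.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report's function blocks. The second
# block, its addresses and the zeroed fuzzy hash are placeholders.
SAMPLE = r"""
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00C54AED
• GetDriveTypeW.KERNEL32(?,00C7CB68,?,\\.\,00C7CC08), ref: 00C54BCA
• SetErrorMode.KERNEL32(00000000,00C7CB68,?,\\.\,00C7CC08), ref: 00C54D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre
• API String ID: 2907320926-4222207086
• Instruction Fuzzy Hash: 0000000000000000000000000000000000000000000000000000000000000000000000
APIs
• IsDebuggerPresent.KERNEL32 ref: 00C10A12
• GetTickCount.KERNEL32 ref: 00C10A30
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: CountDebuggerPresentTick
• String ID:
• API String ID: 0-0
"""

# "• Name.MODULE(args), ref: ADDR"; the argument list is optional so that
# calls printed without parentheses still parse.
API_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_function_blocks(text):
    """Split a report dump into per-function records: API call sites (name,
    module, raw argument list, code address), string xrefs, and the metadata
    fields (API ID, String ID, fuzzy hashes, source dump) that follow them."""
    blocks, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = {"apis": [], "strings": [], "fields": {}}
            blocks.append(current)
            section = "APIs"
            continue
        if current is None:
            continue  # text before the first block
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = m.group("args")
                current["apis"].append({
                    "api": m.group("api"),
                    "module": m.group("module"),
                    "args": args.split(",") if args else [],
                    "ref": int(m.group("ref"), 16),
                })
            continue
        if section == "Strings":
            current["strings"].append(line.lstrip("• ").strip())
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val")
            if key in ("API ID", "String ID"):
                val = [s for s in val.split("$") if s]  # '$'-separated lists
            current["fields"][key] = val
    return blocks


# Assumed mapping from signature names used in the report to APIs that usually
# trigger them; a triage heuristic, not Joe Sandbox's own rule set.
SUSPECT_APIS = {
    "IsDebuggerPresent": "debugger check",
    "GetTickCount": "execution timing",
    "QueryPerformanceCounter": "execution timing",
    "BlockInput": "blocks mouse/keyboard input",
    "GetClipboardData": "reads clipboard",
    "GetAsyncKeyState": "reads keystrokes",
}


def api_histogram(blocks):
    """Count API names across all function blocks."""
    return Counter(call["api"] for b in blocks for call in b["apis"])


def flag_blocks(blocks):
    """Return (block index, address of first call, sorted reasons) for every
    block that calls at least one suspect API."""
    flagged = []
    for i, b in enumerate(blocks):
        reasons = sorted({SUSPECT_APIS[c["api"]] for c in b["apis"] if c["api"] in SUSPECT_APIS})
        if reasons:
            flagged.append((i, b["apis"][0]["ref"], reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_function_blocks(SAMPLE)
    for idx, ref, reasons in flag_blocks(parsed):
        print(f"block {idx} @ {ref:08X}: {', '.join(reasons)}")
    print(api_histogram(parsed).most_common(3))
```

Feed it the whole exported listing instead of SAMPLE and sort the flagged blocks by address to get a worklist for the disassembler; the "ref" addresses are the call sites in the 00BE0000-based image dump, so they can be used directly as IDA jump targets once the dump is loaded at that base.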
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D7615272900219AFDF019FA4DC89BAE7F79EB08320F118225F919A72A1D7719980DF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00C71128
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00C7113D
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 00C71144
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C71199
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00C711B9
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00C711ED
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C7120B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C7121D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 00C71232
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00C71245
                                                                                                                                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(00000000), ref: 00C712A1
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00C712BC
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00C712D0
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00C712E8
                                                                                                                                                                                                                                                                                                                                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 00C7130E
                                                                                                                                                                                                                                                                                                                                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 00C71328
                                                                                                                                                                                                                                                                                                                                                                                • CopyRect.USER32(?,?), ref: 00C7133F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 00C713AA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ec1b458cb8bd291326a63258846777ae5778dd2780f5b829a4aec997883bbd0f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2ccd3146011b3cdfe46d9ebfde02f8c6dfaeb5b9bcfd108b7b54421cd29872a4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec1b458cb8bd291326a63258846777ae5778dd2780f5b829a4aec997883bbd0f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BBB16871608341AFD714DF69C884B6EBBE4FF88350F04895CF9999B2A1CB31E945CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00C702E5
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C7031F
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C70389
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C703F1
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C70475
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00C704C5
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C70504
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BFF9F2: _wcslen.LIBCMT ref: 00BFF9FD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C42258
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C4228A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 63c6c49fbb04465e84f0fc1a9b644e498c96ea63205dd3dd972d4d9ef23187e5
• Instruction ID: afc7edf05bde7ffd5f8dc772f2b39a2497d930c9d05554c606d9f506fe2fa9c9
• Opcode Fuzzy Hash: 63c6c49fbb04465e84f0fc1a9b644e498c96ea63205dd3dd972d4d9ef23187e5
• Instruction Fuzzy Hash: 50E1B331218241DFCB14DF25C89193AB7E5BF98318F24856CF8AA9B3A1DB30EE45CB41
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BF8968
• GetSystemMetrics.USER32(00000007), ref: 00BF8970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00BF899B
• GetSystemMetrics.USER32(00000008), ref: 00BF89A3
• GetSystemMetrics.USER32(00000004), ref: 00BF89C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00BF89E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00BF89F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00BF8A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00BF8A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00BF8A5A
• GetStockObject.GDI32(00000011), ref: 00BF8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00BF8A81
  • Part of subcall function 00BF912D: GetCursorPos.USER32(?), ref: 00BF9141
  • Part of subcall function 00BF912D: ScreenToClient.USER32(00000000,?), ref: 00BF915E
  • Part of subcall function 00BF912D: GetAsyncKeyState.USER32(00000001), ref: 00BF9183
  • Part of subcall function 00BF912D: GetAsyncKeyState.USER32(00000002), ref: 00BF919D
• SetTimer.USER32(00000000,00000000,00000028,00BF90FC), ref: 00BF8AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 913302e58f5bebd440c24a25de615e0f28786fc53e519ffe7d7b498314f95356
• Instruction ID: f75e16c9d805e678df324e8824d50ac25dc851265a03ef7c1157db57ed3d4ead
• Opcode Fuzzy Hash: 913302e58f5bebd440c24a25de615e0f28786fc53e519ffe7d7b498314f95356
• Instruction Fuzzy Hash: B4B16071A0020AAFDF14DFA8CC95BAE7BB5FB48314F148269FA15A7290DB74E940CB51
APIs
  • Part of subcall function 00C410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C41114
  • Part of subcall function 00C410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41120
  • Part of subcall function 00C410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C4112F
  • Part of subcall function 00C410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41136
  • Part of subcall function 00C410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C4114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C40DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C40E29
• GetLengthSid.ADVAPI32(?), ref: 00C40E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00C40E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C40E96
• GetLengthSid.ADVAPI32(?), ref: 00C40EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00C40EB5
• HeapAlloc.KERNEL32(00000000), ref: 00C40EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C40EDD
• CopySid.ADVAPI32(00000000), ref: 00C40EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C40F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C40F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C40F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40F6E
• HeapFree.KERNEL32(00000000), ref: 00C40F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40F7E
• HeapFree.KERNEL32(00000000), ref: 00C40F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C40F8E
• HeapFree.KERNEL32(00000000), ref: 00C40F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00C40FA1
• HeapFree.KERNEL32(00000000), ref: 00C40FA8
  • Part of subcall function 00C41193: GetProcessHeap.KERNEL32(00000008,00C40BB1,?,00000000,?,00C40BB1,?), ref: 00C411A1
  • Part of subcall function 00C41193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00C40BB1,?), ref: 00C411A8
  • Part of subcall function 00C41193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00C40BB1,?), ref: 00C411B7
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 15f34ff149c3d9ce7b03f6ad9d9e880c0f5c4e9995e15493179df05b962efe6d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0d468593343c8a292373b9bbda120b649295396766083a817210f9753c406010
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15f34ff149c3d9ce7b03f6ad9d9e880c0f5c4e9995e15493179df05b962efe6d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69716F7190020AABDF20DFA4DC45FAEBBB8BF05310F144129FA69E7191D7359A55CBA0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00C7CC08,00000000,?,00000000,?,?), ref: 00C6C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00C6C5A4
• _wcslen.LIBCMT ref: 00C6C5F4
• _wcslen.LIBCMT ref: 00C6C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00C6C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00C6C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00C6C84D
• RegCloseKey.ADVAPI32(?), ref: 00C6C881
• RegCloseKey.ADVAPI32(00000000), ref: 00C6C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00C6C960
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 49c038877a3b0e10b71a1dfbf9d2a7e15bb15c2ee60f7b29d35e8828719e70ce
• Instruction ID: ec69a854f4046097a67b5d59f0c072fd607ecfcf5a0f1f4c5021852d99a11eda
• Opcode Fuzzy Hash: 49c038877a3b0e10b71a1dfbf9d2a7e15bb15c2ee60f7b29d35e8828719e70ce
• Instruction Fuzzy Hash: 4E1257356042019FD724DF29C891A2AB7E5FF88714F04889CF99A9B3A2DB31ED41CB81
APIs
• CharUpperBuffW.USER32(?,?), ref: 00C709C6
• _wcslen.LIBCMT ref: 00C70A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C70A54
• _wcslen.LIBCMT ref: 00C70A8A
• _wcslen.LIBCMT ref: 00C70B06
• _wcslen.LIBCMT ref: 00C70B81
  • Part of subcall function 00BFF9F2: _wcslen.LIBCMT ref: 00BFF9FD
  • Part of subcall function 00C42BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C42BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 5dca95fce3a342e003097e731ef7311404f12dcf2fd64a0b583f1f1dbd2f5baf
• Instruction ID: 702859c626099be967732b5c3a5a451268aa06deb6bd5f678645d5fc1b8d13d0
• Opcode Fuzzy Hash: 5dca95fce3a342e003097e731ef7311404f12dcf2fd64a0b583f1f1dbd2f5baf
• Instruction Fuzzy Hash: 03E17D75208742DFC714DF25C45192AB7E1BF98318F24899DF8AA9B3A2D730EE45CB81
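The two function entries above (the registry-write routine with the REG_* string IDs, and the routine with the CHECK/COLLAPSE/EXPAND/GETSELECTED string IDs driving a tree-view control) only become readable once the numeric arguments are decoded: the fourth argument of RegSetValueExW is dwType, so 00000001 is REG_SZ, 00000007 REG_MULTI_SZ, 0000000B with cbData 8 is REG_QWORD and 00000003 REG_BINARY, while SendMessageW with 00001105 is TVM_GETCOUNT and 0000110A with wParam 9 is TVM_GETNEXTITEM(TVGN_CARET). That set of types and tree-view commands is consistent with the AutoIt runtime's RegWrite and ControlCommand handlers, which the report's "compiled AutoIt script" signature already suggests. The following script is an added example, not part of the Joe Sandbox report or of the sample: it parses the report's "APIs" line format and annotates the calls with the constant names from winnt.h and commctrl.h. The sample lines are copied from the entries above; the line format and field positions are assumed from what is visible on this page.

```python
import re

# Constructed sample: "APIs" lines copied from the two function entries above.
SAMPLE_LINES = """\
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00C7CC08,00000000,?,00000000,?,?), ref: 00C6C544
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00C6C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00C6C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00C6C84D
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00C6C960
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C70A54
  • Part of subcall function 00C42BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C42BFA
"""

# Line shape assumed from the report: "• Api.MODULE(arg,arg,...), ref: ADDR",
# optionally prefixed with "Part of subcall function ADDR:"; "?" marks an
# argument the sandbox could not resolve.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# winnt.h registry value types: the dwType argument of RegSetValueExW.
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
# commctrl.h tree-view messages (TV_FIRST = 0x1100) and TVM_GETNEXTITEM flags.
TVM_MESSAGES = {0x1105: "TVM_GETCOUNT", 0x110A: "TVM_GETNEXTITEM"}
TVGN_FLAGS = {0x0: "TVGN_ROOT", 0x1: "TVGN_NEXT", 0x4: "TVGN_CHILD", 0x9: "TVGN_CARET"}


def parse_arg(token):
    """'?' means unresolved; anything else is a hex DWORD as printed by the report."""
    token = token.strip()
    return None if token == "?" else int(token, 16)


def parse_api_lines(text):
    """Turn the report's bullet lines into dicts; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
        calls.append({"api": m["api"], "module": m["module"], "args": args,
                      "ref": int(m["ref"], 16), "subcall": m["sub"]})
    return calls


def decode_call(call):
    """Name the constants that matter for the two routines on this page."""
    api, args = call["api"], call["args"]
    if api == "RegSetValueExW" and len(args) >= 6:
        # RegSetValueExW(hKey, lpValueName, Reserved, dwType, lpData, cbData)
        dw_type, cb_data = args[3], args[5]
        note = "type unknown" if dw_type is None else REG_TYPES.get(dw_type, f"type {dw_type:#x}")
        if cb_data is not None:
            note += f", cbData={cb_data}"
        return note
    if api == "SendMessageW" and len(args) >= 3 and args[1] is not None:
        # SendMessageW(hWnd, Msg, wParam, lParam)
        msg, wparam = args[1], args[2]
        name = TVM_MESSAGES.get(msg, f"msg {msg:#06x}")
        if msg == 0x110A and wparam is not None:
            name += f"({TVGN_FLAGS.get(wparam, f'{wparam:#x}')})"
        return name
    if api == "RegConnectRegistryW":
        # lpMachineName is unresolved here; NULL would select the local machine.
        return "registry handle via RegConnectRegistryW (machine name unresolved)"
    return ""


def summarize(text):
    """(api, ref address, decoded note) for every API line in the text."""
    return [(c["api"], f"{c['ref']:08X}", decode_call(c)) for c in parse_api_lines(text)]


if __name__ == "__main__":
    for api, ref, note in summarize(SAMPLE_LINES):
        print(f"{ref}  {api:<22} {note}")
```

Run as-is it prints one annotated line per call; feeding it the full "APIs" sections of a report is a quick way to separate generic runtime plumbing (the RegWrite type switch, the tree-view commands) from the script-specific behaviour that the Credential Flusher verdict rests on.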
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ff87f36fd63c7d2c0a940c3557e909ee208986f2035fb136073d560e9fe433f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4c8f587cf43815d9942f798f1cc7c347f5de2d7c9c5f7387010fc3ecde73ccf6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff87f36fd63c7d2c0a940c3557e909ee208986f2035fb136073d560e9fe433f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F071027260016B8BCB30DEA9CCC16BF3395AFA1754B250228FCA697285E635CE45D3A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C7835A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C7836E
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C78391
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C783B4
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00C783F2
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00C75BF2), ref: 00C7844E
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C78487
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00C784CA
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C78501
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00C7850D
                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00C7851D
                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(?,?,?,?,?,00C75BF2), ref: 00C7852C
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00C78549
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00C78555
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                                • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 713bdb9f17421f2d7f6104fe29733ff023db58febd0b9435497229baa49eca87
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cf8877046d5945b06e685dda54e02f715b87d044f2b6859c74dfe610123d1ac8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 713bdb9f17421f2d7f6104fe29733ff023db58febd0b9435497229baa49eca87
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5361C271540216BEEB14DF64CC89BBF77ACBB04711F108619FA29D60D1DBB49A84D7A0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 96e57fc90b2b1f8cb416f13181c8cbb1465969e9557565607ff683766b2e54a0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3b0e45dd33da9d641734ba6d9fcaed6ae49e70f10a07f3227247a695a66dd89f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 96e57fc90b2b1f8cb416f13181c8cbb1465969e9557565607ff683766b2e54a0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BC81C171684215BBDB21AF61DC82FBF37E8AF15300F0480A4F919AB192EB70DE55D7A1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CharLowerBuffW.USER32(?,?), ref: 00C53EF8
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C53F03
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C53F5A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C53F98
                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?), ref: 00C53FD6
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C5401E
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C54059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C54087
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: SendString_wcslen$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1839972693-4113822522
• Opcode ID: eba855e6e85b69b21d4e42ca86740abc5825f64ef4cc5fc474742b31522d6d54
• Instruction ID: 9034bbb84e599f066b09cbd34fe3a1bc5c205e698ccf2564f51ee4df72380912
• Opcode Fuzzy Hash: eba855e6e85b69b21d4e42ca86740abc5825f64ef4cc5fc474742b31522d6d54
• Instruction Fuzzy Hash: 3E7114725042029FC710EF25C88186FB7F4EF947A8F104A6DF9A597291EB30DE89CB91
APIs
• LoadIconW.USER32(00000063), ref: 00C45A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00C45A40
• SetWindowTextW.USER32(?,?), ref: 00C45A57
• GetDlgItem.USER32(?,000003EA), ref: 00C45A6C
• SetWindowTextW.USER32(00000000,?), ref: 00C45A72
• GetDlgItem.USER32(?,000003E9), ref: 00C45A82
• SetWindowTextW.USER32(00000000,?), ref: 00C45A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00C45AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00C45AC3
• GetWindowRect.USER32(?,?), ref: 00C45ACC
• _wcslen.LIBCMT ref: 00C45B33
• SetWindowTextW.USER32(?,?), ref: 00C45B6F
• GetDesktopWindow.USER32 ref: 00C45B75
• GetWindowRect.USER32(00000000), ref: 00C45B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00C45BD3
• GetClientRect.USER32(?,?), ref: 00C45BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00C45C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00C45C2F
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: a40951b594b3ce3023ecc5714eaecdeaaf034efa184aac47403b120c9cd200b0
• Instruction ID: 0197cb146744f8bf136d8ca80a08cc97e0ee0546f7c0c6daf23c724a240aa1e2
• Opcode Fuzzy Hash: a40951b594b3ce3023ecc5714eaecdeaaf034efa184aac47403b120c9cd200b0
• Instruction Fuzzy Hash: B7718D31900B0AAFDB20DFA8CE85BAEBBF5FF48704F10451CE556A25A1D775EA40CB50
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 00C5FE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 00C5FE32
• LoadCursorW.USER32(00000000,00007F00), ref: 00C5FE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 00C5FE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 00C5FE53
• LoadCursorW.USER32(00000000,00007F01), ref: 00C5FE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 00C5FE69
• LoadCursorW.USER32(00000000,00007F88), ref: 00C5FE74
• LoadCursorW.USER32(00000000,00007F80), ref: 00C5FE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 00C5FE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 00C5FE95
• LoadCursorW.USER32(00000000,00007F85), ref: 00C5FEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 00C5FEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 00C5FEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 00C5FEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 00C5FECC
• GetCursorInfo.USER32(?), ref: 00C5FEDC
• GetLastError.KERNEL32 ref: 00C5FF1E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1a8824691088082fedbb6f0b93d398518d6b1f50c58aceee048a6f4f4db04d5d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 479db877854ee87cbf8ebd77b1d58ecbedc6f001773c9cb818a5f8bfad4b25fa
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a8824691088082fedbb6f0b93d398518d6b1f50c58aceee048a6f4f4db04d5d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D4172B0D043196ADB10DFBA8C8985EBFE8FF04354B50462AF51DE7281DB78A941CF94
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00C000C6
  • Part of subcall function 00C000ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00CB070C,00000FA0,DCF41122,?,?,?,?,00C223B3,000000FF), ref: 00C0011C
  • Part of subcall function 00C000ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00C223B3,000000FF), ref: 00C00127
  • Part of subcall function 00C000ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00C223B3,000000FF), ref: 00C00138
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00C0014E
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00C0015C
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00C0016A
  • Part of subcall function 00C000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C00195
  • Part of subcall function 00C000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C001A0
• ___scrt_fastfail.LIBCMT ref: 00C000E7
  • Part of subcall function 00C000A3: __onexit.LIBCMT ref: 00C000A9
Strings
• WakeAllConditionVariable, xrefs: 00C00162
• InitializeConditionVariable, xrefs: 00C00148
• SleepConditionVariableCS, xrefs: 00C00154
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00C00122
• kernel32.dll, xrefs: 00C00133
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: 459c6ce54af5935904cc353c194a458c4d0c4355ee9b22637e5532a64006fef7
• Instruction ID: b4cc03a14af15cb7bb765787e80aa297935dc4a938e156683631838bd7a0b3bb
• Opcode Fuzzy Hash: 459c6ce54af5935904cc353c194a458c4d0c4355ee9b22637e5532a64006fef7
• Instruction Fuzzy Hash: 1B21F633A447126BE7205F74AC8AB6E77D4EB05B51F22413EF909A36D1DF709840CA90
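The API listing above is easier to triage once it is in structured form. The following Python is an added example, not part of the Joe Sandbox report or of Joe Security's tooling. It parses API-call bullets in exactly the shape the report prints them (the embedded sample is copied from the listing above plus the two top-level CharLowerBuffW and GetDriveTypeW calls of a later function on this page), separates statically linked CRT code (LIBCMT, LIBVCRUNTIME) from Win32 imports, and pairs each GetProcAddress with the module most recently passed to GetModuleHandleW in the same subcall. That pairing is an assumption made by the example: the report prints the module handle argument as 00000000 and does not say which lookup succeeded.

```python
import re
from collections import Counter

# Constructed sample input: API-call lines copied from the Joe Sandbox function listing on
# this page (the CRT thread-safe-statics initialiser, plus two top-level calls from a later
# function). Nested "Part of subcall function" lines are indented by two spaces.
SAMPLE = """\
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00C000C6
  • Part of subcall function 00C000ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00CB070C,00000FA0,DCF41122,?,?,?,?,00C223B3,000000FF), ref: 00C0011C
  • Part of subcall function 00C000ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00C223B3,000000FF), ref: 00C00127
  • Part of subcall function 00C000ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00C223B3,000000FF), ref: 00C00138
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00C0014E
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00C0015C
  • Part of subcall function 00C000ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00C0016A
  • Part of subcall function 00C000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C00195
  • Part of subcall function 00C000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00C001A0
• ___scrt_fastfail.LIBCMT ref: 00C000E7
  • Part of subcall function 00C000A3: __onexit.LIBCMT ref: 00C000A9
• CharLowerBuffW.USER32(00000000,00000000,00C7CC08), ref: 00C54527
• GetDriveTypeW.KERNEL32(?,00CA6BF0,00000061), ref: 00C54743
"""

# One report line: optional subcall prefix, "Api.MODULE", optional "(args)", then "ref: ADDR".
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_-]+)"
    r"(?:\((?P<args>.*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Joe Sandbox labels statically linked CRT code with the library it came from rather than a DLL.
CRT_MODULES = {"LIBCMT", "LIBVCRUNTIME"}


def parse_api_lines(text):
    """Turn the report's API-call bullets into dicts; raise on a line the pattern does not cover."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
        calls.append({
            "api": m["api"],
            "module": m["module"],
            "args": args,           # '?' is the report's marker for an argument it could not recover
            "ref": int(m["ref"], 16),
            "parent": m["parent"],  # subcall function address, or None for a top-level call
        })
    return calls


def dynamic_imports(calls):
    """Pair each GetProcAddress with the last named module handed to GetModuleHandleW in the
    same subcall. The report prints the handle argument as 00000000, so this recency pairing
    is an assumption about the code, not something the report states."""
    last_module = {}
    pairs = []
    for c in calls:
        if c["api"] == "GetModuleHandleW" and c["args"] and c["args"][0] != "?":
            last_module[c["parent"]] = c["args"][0]
        elif c["api"] == "GetProcAddress" and len(c["args"]) >= 2:
            pairs.append((last_module.get(c["parent"]), c["args"][1]))
    return pairs


def triage(text):
    """Summarise a function's API listing: CRT scaffolding versus Win32 calls, per-module
    counts, and which names are resolved at run time."""
    calls = parse_api_lines(text)
    by_module = Counter(c["module"] for c in calls)
    crt = sum(n for mod, n in by_module.items() if mod in CRT_MODULES)
    return {
        "total": len(calls),
        "crt": crt,
        "win32": len(calls) - crt,
        "by_module": dict(by_module),
        "dynamic_imports": dynamic_imports(calls),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(f"{summary['total']} calls: {summary['crt']} CRT, {summary['win32']} Win32")
    for module, n in sorted(summary["by_module"].items()):
        print(f"  {module:<14}{n}")
    for module, name in summary["dynamic_imports"]:
        print(f"  GetProcAddress -> {module}!{name}")
```

Read the output with one caveat in mind: the GetProcAddress calls this function makes are the stock MSVC CRT start-up logic (`__scrt_initialize_thread_safe_statics_platform_specific` probes api-ms-win-core-synch-l1-2-0.dll and then kernel32.dll for the condition-variable functions, which older Windows versions lack), so on their own they are CRT scaffolding, not an evasion-style dynamic API resolution indicator. The parser raises on any line it does not understand rather than silently dropping it, so a new report layout is noticed instead of producing an undercount.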
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: b49c778461b078ca66a3b733cf1d3cfa3a32a88834b668fa7a61f214866e1c11
• Instruction ID: 2616b3fc7f313f09a6012ed6c9e9078e425d8ccc1db5ac17b7d71f5e603ebca0
• Opcode Fuzzy Hash: b49c778461b078ca66a3b733cf1d3cfa3a32a88834b668fa7a61f214866e1c11
• Instruction Fuzzy Hash: 30E1E632A00556ABCF189FB4C8417EEBBB4BF94710F548129E466E7290DB70AF85D7A0
APIs
• CharLowerBuffW.USER32(00000000,00000000,00C7CC08), ref: 00C54527
• _wcslen.LIBCMT ref: 00C5453B
• _wcslen.LIBCMT ref: 00C54599
• _wcslen.LIBCMT ref: 00C545F4
• _wcslen.LIBCMT ref: 00C5463F
• _wcslen.LIBCMT ref: 00C546A7
  • Part of subcall function 00BFF9F2: _wcslen.LIBCMT ref: 00BFF9FD
• GetDriveTypeW.KERNEL32(?,00CA6BF0,00000061), ref: 00C54743
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: eccbb3dd0fa358b5329b329d74eb0a2f92b1eea03e4a5ea5bb12cfdd81167be7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 27fc36b4312b8968cabdf3818bc3cbcbac9c2b53f00499ec73f190082896f16f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eccbb3dd0fa358b5329b329d74eb0a2f92b1eea03e4a5ea5bb12cfdd81167be7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7FB136756083029FC718DF28C890A6EB7E4AFA5759F50491DF8A6C3291EB30D9C8CB52
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,00C7CC08), ref: 00C640BB
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00C640CD
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00C7CC08), ref: 00C640F2
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00C7CC08), ref: 00C6413E
                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028,?,00C7CC08), ref: 00C641A8
                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000009), ref: 00C64262
                                                                                                                                                                                                                                                                                                                                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00C642C8
                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00C642F2
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ea5bd846b25cd8dd2d539e4e057080e63636cc7c4f952e9f39dc2aa3fea25c15
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6c86a87966dec93b116741aaaba83ee85ae05e899f9f598a3bf4057dde8ca9d0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ea5bd846b25cd8dd2d539e4e057080e63636cc7c4f952e9f39dc2aa3fea25c15
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D122B75A00115EFDB28DF54C8C4EAEBBB5FF45314F248098E9169B251DB31EE86CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00CB1990), ref: 00C22F8D
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00CB1990), ref: 00C2303D
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00C23081
                                                                                                                                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 00C2308A
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(00CB1990,00000000,?,00000000,00000000,00000000), ref: 00C2309D
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C230A9
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 83b8e545dcd20c5f4bf50fd392a2e43a30c2cb5807e4c81726fac5e70a27abd6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 67fb7bc3f2a7be11257d61a8171f7cf5104348da898cec2a6fea882938db72a6
• Opcode Fuzzy Hash: 83b8e545dcd20c5f4bf50fd392a2e43a30c2cb5807e4c81726fac5e70a27abd6
• Instruction Fuzzy Hash: 34712A30644266BEEB218F65DDC9F9ABFB4FF04724F204216F6246A1E0C7B5AE50D750
APIs
• DestroyWindow.USER32(00000000,?), ref: 00C76DEB
  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00C76E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00C76E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C76E94
• DestroyWindow.USER32(?), ref: 00C76EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00BE0000,00000000), ref: 00C76EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C76EFD
• GetDesktopWindow.USER32 ref: 00C76F16
• GetWindowRect.USER32(00000000), ref: 00C76F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C76F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00C76F4D
  • Part of subcall function 00BF9944: GetWindowLongW.USER32(?,000000EB), ref: 00BF9952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: d5178c4e5ee79e328f3350c0b113a7da05c172a53af423f88d81a0cb05619176
• Instruction ID: a386a09c2ac8f480b2b0e3924a3f852c911ecb173e69261825564feb471b3998
• Opcode Fuzzy Hash: d5178c4e5ee79e328f3350c0b113a7da05c172a53af423f88d81a0cb05619176
• Instruction Fuzzy Hash: 53719770504241AFDB21DF28DC98FBABBF9FB89304F54851DF9A987261C770AA49CB11
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• DragQueryPoint.SHELL32(?,?), ref: 00C79147
  • Part of subcall function 00C77674: ClientToScreen.USER32(?,?), ref: 00C7769A
  • Part of subcall function 00C77674: GetWindowRect.USER32(?,?), ref: 00C77710
  • Part of subcall function 00C77674: PtInRect.USER32(?,?,00C78B89), ref: 00C77720
• SendMessageW.USER32(?,000000B0,?,?), ref: 00C791B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00C791BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00C791DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00C79225
• SendMessageW.USER32(?,000000B0,?,?), ref: 00C7923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00C79255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00C79277
• DragFinish.SHELL32(?), ref: 00C7927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00C79371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 6ffe5348c87c94bf4cb7a1c7a70066694b5ffaac6194f43812ab0a563bc1f208
• Instruction ID: 89ee5ee50408c1f8a368cea2e26129a07ce143f22c757f6e4ef2d7007e464f89
• Opcode Fuzzy Hash: 6ffe5348c87c94bf4cb7a1c7a70066694b5ffaac6194f43812ab0a563bc1f208
• Instruction Fuzzy Hash: 3B618B71108341AFC701EF65DC85EAFBBE8FF89750F404A2DF599921A1DB309A49CB92
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C5C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C5C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C5C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00C5C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00C5C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00C5C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C5C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C5C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C5C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C5C5F0
• InternetCloseHandle.WININET(00000000), ref: 00C5C5FB
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f62b39ebb850b4faca975abd2a5eb6f8a33a56bc3c168748a9d52b91ad1b4a12
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0da2cb779677f4340390d500e8d1fe5ba620aa40b380a8110f68d435a83a058e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f62b39ebb850b4faca975abd2a5eb6f8a33a56bc3c168748a9d52b91ad1b4a12
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9515DB4500305BFDB218FA5C9C8BAB7BBCFB04745F40441DF956D6250EB34EA88AB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00C78592
                                                                                                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785A2
                                                                                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785AD
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785BA
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00C785C8
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785D7
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00C785E0
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785E7
                                                                                                                                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785F8
                                                                                                                                                                                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00C7FC38,?), ref: 00C78611
                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00C78621
                                                                                                                                                                                                                                                                                                                                                                                • GetObjectW.GDI32(?,00000018,?), ref: 00C78641
                                                                                                                                                                                                                                                                                                                                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00C78671
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00C78699
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00C786AF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 022e6f1161279d319aa4466416293045f55b09bd093caea314dc1a2be91fa299
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a37e082c170c48c7c7072d2300f390a63fbfc94127a76c7ed17d0c5177ac74bf
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 022e6f1161279d319aa4466416293045f55b09bd093caea314dc1a2be91fa299
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2841F775640205BFDB119FA5CC8CFAE7BB8EB89B11F108059F919E7260DB309A45CB60
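A small parser for the per-function API listings above, as an added example that is not part of the Joe Sandbox report or its tooling. It turns the "Name.MODULE(args), ref: addr" lines into structured calls, decodes the constants a reverser would otherwise look up by hand (00000005 in HttpQueryInfoW is HTTP_QUERY_CONTENT_LENGTH, 00000172 in SendMessageW is STM_SETIMAGE, 00000018 in GetObjectW is sizeof(BITMAP) on 32-bit, 00002000 in CopyImage is LR_CREATEDIBSECTION), and matches the call order against a few known sequences. The sample input is the two listings quoted above, copied verbatim; the sequence labels and the constant table are this example's own assumptions, not anything the report defines.

```python
"""Parse Joe Sandbox per-function "APIs" listings, decode known constants and
match call order against known API sequences.  Added example; not Joe Sandbox code."""
import re
from collections import Counter

# Constructed sample: the two listings quoted on this page, copied verbatim.
WININET_TAIL = """\
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C5C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C5C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00C5C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00C5C5F0
• InternetCloseHandle.WININET(00000000), ref: 00C5C5FB
"""
PICTURE_LOADER = """\
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00C78592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785BA
• GlobalLock.KERNEL32(00000000), ref: 00C785C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785D7
• GlobalUnlock.KERNEL32(00000000), ref: 00C785E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00C785F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00C7FC38,?), ref: 00C78611
• GlobalFree.KERNEL32(00000000), ref: 00C78621
• GetObjectW.GDI32(?,00000018,?), ref: 00C78641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00C78671
• DeleteObject.GDI32(?), ref: 00C78699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00C786AF
"""

# One call per line: optional bullet, Api.MODULE(args), ref: hex address.
CALL_RE = re.compile(r"•?\s*(\w+)\.(\w+)\((.*?)\),\s*ref:\s*([0-9A-Fa-f]+)")

def parse_calls(listing):
    """Return [(api, module, args, ref)] in report order.
    An argument the sandbox could not recover ('?') becomes None."""
    calls = []
    for line in listing.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue                      # headings such as "APIs" / "Strings"
        api, module, raw, ref = m.groups()
        args = [None if a == "?" else int(a, 16) for a in raw.split(",") if a]
        calls.append((api, module, args, int(ref, 16)))
    return calls

# (api, zero-based argument index) -> {value: symbolic name}.  Assumed table,
# hand-built from the Windows SDK headers for the calls seen on this page.
CONSTANTS = {
    ("CreateFileW", 1): {0x80000000: "GENERIC_READ"},
    ("CreateFileW", 4): {3: "OPEN_EXISTING"},
    ("GlobalAlloc", 0): {2: "GMEM_MOVEABLE"},
    ("CreateStreamOnHGlobal", 1): {1: "fDeleteOnRelease=TRUE"},
    ("GetObjectW", 1): {0x18: "sizeof(BITMAP) on 32-bit"},
    ("CopyImage", 4): {0x2000: "LR_CREATEDIBSECTION"},
    ("SendMessageW", 1): {0x172: "STM_SETIMAGE"},
    ("HttpQueryInfoW", 1): {5: "HTTP_QUERY_CONTENT_LENGTH"},
}

def decode_constants(calls):
    """Annotate recognised flag/message arguments: [(api, ref, symbolic name)]."""
    out = []
    for api, _module, args, ref in calls:
        for (capi, idx), table in CONSTANTS.items():
            if capi == api and idx < len(args) and args[idx] in table:
                out.append((api, ref, table[args[idx]]))
    return out

# Ordered API subsequences (gaps allowed).  Labels are this example's own.
SEQUENCES = {
    "file-to-IPicture loader": ["CreateFileW", "ReadFile", "CreateStreamOnHGlobal", "OleLoadPicture"],
    "WinINet request + header query": ["HttpSendRequestW", "HttpQueryInfoW", "InternetCloseHandle"],
    "VARIANT date conversion": ["VariantInit", "VariantTimeToSystemTime", "VariantClear"],
}

def in_order(names, pattern):
    """True if every API in pattern appears in names, in that order."""
    it = iter(names)                      # consumed progressively by 'in'
    return all(want in it for want in pattern)

def classify(calls):
    names = [c[0] for c in calls]
    return [label for label, pat in SEQUENCES.items() if in_order(names, pat)]

def module_summary(calls):
    """Count calls per DLL, a quick feel for what the function touches."""
    return dict(Counter(c[1] for c in calls))

if __name__ == "__main__":
    for name, listing in (("WININET_TAIL", WININET_TAIL), ("PICTURE_LOADER", PICTURE_LOADER)):
        calls = parse_calls(listing)
        print(name, module_summary(calls), classify(calls))
        for api, ref, sym in decode_constants(calls):
            print(f"  {api} @ {ref:08X}: {sym}")
```

Two caveats when reading matches like these. The argument values in the listing are static guesses from the IDA plugin, so a decoded constant is only as reliable as the recovered value, and `?` means nothing was recovered at all. Second, the report flags this binary as a likely compiled AutoIt script, so API sequences in the interpreter's own code tell you which runtime routines are present, not what the embedded script does; use the Opcode and Instruction fuzzy hashes in the Similarity block to recognise the same routine across other samples.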
APIs
• VariantInit.OLEAUT32(00000000), ref: 00C51502
• VariantCopy.OLEAUT32(?,?), ref: 00C5150B
• VariantClear.OLEAUT32(?), ref: 00C51517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00C515FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00C51657
• VariantInit.OLEAUT32(?), ref: 00C51708
• SysFreeString.OLEAUT32(?), ref: 00C5178C
• VariantClear.OLEAUT32(?), ref: 00C517D8
• VariantClear.OLEAUT32(?), ref: 00C517E7
• VariantInit.OLEAUT32(00000000), ref: 00C51823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 8e6912d7533468df48be613f352ec492b030893b79909f5aca094412a6f4063d
• Instruction ID: cf2e534556956d417a39240db4151453822a3ab631bce4c99e4d3e1208b1140b
• Opcode Fuzzy Hash: 8e6912d7533468df48be613f352ec492b030893b79909f5aca094412a6f4063d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59D10235A00109DBCB00AF66D889B7DB7F5BF44701F5880AAFC16AB180EB34DD89DB65
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6B6F4
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C6B772
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 00C6B80A
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C6B87E
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00C6B89C
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00C6B8F2
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C6B904
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C6B922
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00C6B983
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C6B994
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 56ad63563f4917bf2113e83d20f4fd93a8d314ef4b8c1b1ebf67e783826221a5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f006fdfe055dd3d5c6fca3684d5db2676aac0fbf76dedd8f87788db8c3529976
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56ad63563f4917bf2113e83d20f4fd93a8d314ef4b8c1b1ebf67e783826221a5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5DC17D35208241AFD724DF15C4D5F2ABBE5BF84318F14859CF5AA8B2A2CB31ED85CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00C625D8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00C625E8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00C625F4
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00C62601
                                                                                                                                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00C6266D
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00C626AC
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00C626D0
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00C626D8
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00C626E1
                                                                                                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00C626E8
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00C626F3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 82d1914847ca4e496e632cc460adca01f09c84946378f9eebb54b46ce4bebb36
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8e6a58ea51b1c8c6fe40a47c21574ff5f6ef848fbd2562ce03cd6567dfc10ceb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82d1914847ca4e496e632cc460adca01f09c84946378f9eebb54b46ce4bebb36
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4761D275D0061AEFCF14CFA8D884AAEBBB5FF48310F208529E95AA7250D774A941DF90
APIs
• ___free_lconv_mon.LIBCMT ref: 00C1DAA1
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D659
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D66B
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D67D
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D68F
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6A1
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6B3
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6C5
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6D7
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6E9
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D6FB
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D70D
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D71F
  • Part of subcall function 00C1D63C: _free.LIBCMT ref: 00C1D731
• _free.LIBCMT ref: 00C1DA96
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C1DAB8
• _free.LIBCMT ref: 00C1DACD
• _free.LIBCMT ref: 00C1DAD8
• _free.LIBCMT ref: 00C1DAFA
• _free.LIBCMT ref: 00C1DB0D
• _free.LIBCMT ref: 00C1DB1B
• _free.LIBCMT ref: 00C1DB26
• _free.LIBCMT ref: 00C1DB5E
• _free.LIBCMT ref: 00C1DB65
• _free.LIBCMT ref: 00C1DB82
• _free.LIBCMT ref: 00C1DB9A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 53fecb9fa736f54484fd26694992cc9ada226b9fb96547de2bb49c1b41ed423e
• Instruction ID: 576b823d194342dfde67fad7995079383f47682d209a9e295595611b2dff9cce
• Opcode Fuzzy Hash: 53fecb9fa736f54484fd26694992cc9ada226b9fb96547de2bb49c1b41ed423e
• Instruction Fuzzy Hash: AF316D326047059FEB21AA39E845BDA77E8FF02320F114419F46ADB191DF34ADE0B720
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00C4369C
• _wcslen.LIBCMT ref: 00C436A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00C43797
• GetClassNameW.USER32(?,?,00000400), ref: 00C4380C
• GetDlgCtrlID.USER32(?), ref: 00C4385D
• GetWindowRect.USER32(?,?), ref: 00C43882
• GetParent.USER32(?), ref: 00C438A0
• ScreenToClient.USER32(00000000), ref: 00C438A7
• GetClassNameW.USER32(?,?,00000100), ref: 00C43921
• GetWindowTextW.USER32(?,?,00000400), ref: 00C4395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 267cdadacc7e0981ffecd021a5c67f1593023e4c1761dfffefeee97d74302377
• Instruction ID: b5f60784c760800fd1ff45734d7d4ed4911a66b9bf3d62072d836b228f7200a6
• Opcode Fuzzy Hash: 267cdadacc7e0981ffecd021a5c67f1593023e4c1761dfffefeee97d74302377
• Instruction Fuzzy Hash: 6491BF71204646AFD719DF24C885BAAF7E8FF94350F108629FAA9C2190DB30EB55CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00C44994
• GetWindowTextW.USER32(?,?,00000400), ref: 00C449DA
• _wcslen.LIBCMT ref: 00C449EB
• CharUpperBuffW.USER32(?,00000000), ref: 00C449F7
• _wcsstr.LIBVCRUNTIME ref: 00C44A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00C44A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00C44A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00C44AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00C44B20
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C44B8B
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5d6529b0867d2a28ba1606c6a9d3dd72618b3f451742d13978e3f5f369ea465d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5d74d85cc37a02692168383b1f3b55dda5e2f78e84b2c1d6cf2e8c2bbcae24c9
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d6529b0867d2a28ba1606c6a9d3dd72618b3f451742d13978e3f5f369ea465d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E391C0710082069FDB08DF14C9C5FAA77E8FF84714F248469FD999A196DB30EE45CBA1
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C78D5A
• GetFocus.USER32 ref: 00C78D6A
• GetDlgCtrlID.USER32(00000000), ref: 00C78D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00C78E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00C78ECF
• GetMenuItemCount.USER32(?), ref: 00C78EEC
• GetMenuItemID.USER32(?,00000000), ref: 00C78EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00C78F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00C78F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C78FA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 13aa5bf647e83fbe15542ef4d468cf5304b33bc068ec7cac97c82329a06abafb
• Instruction ID: 0856cae301aae7eb3e0682b62b745c87f48bf37906c425eed1d9c94c3cd9e65d
• Opcode Fuzzy Hash: 13aa5bf647e83fbe15542ef4d468cf5304b33bc068ec7cac97c82329a06abafb
• Instruction Fuzzy Hash: 7E81B1715483019FD710CF24C888AAB7BE9FF88354F14855DFAAC97291DB31DA48DB61
APIs
• GetMenuItemInfoW.USER32(00CB1990,000000FF,00000000,00000030), ref: 00C4BFAC
• SetMenuItemInfoW.USER32(00CB1990,00000004,00000000,00000030), ref: 00C4BFE1
• Sleep.KERNEL32(000001F4), ref: 00C4BFF3
• GetMenuItemCount.USER32(?), ref: 00C4C039
• GetMenuItemID.USER32(?,00000000), ref: 00C4C056
• GetMenuItemID.USER32(?,-00000001), ref: 00C4C082
• GetMenuItemID.USER32(?,?), ref: 00C4C0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C4C10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C4C124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C4C145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 6b13db9c15582bf15444d26f16f1d45a11d99a7be635d1238055f8d8d30bafb6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 64af64ad3e7e5eac93f2a716f30adeddb8f9694c61e0746bc86e3a4b05200b29
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b13db9c15582bf15444d26f16f1d45a11d99a7be635d1238055f8d8d30bafb6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED619EB090124AAFEF51CF64CDC8BEE7BB8FB05354F040159E825A32A1D735AE45DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00C4DC20
                                                                                                                                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00C4DC46
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C4DC50
                                                                                                                                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00C4DCA0
                                                                                                                                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00C4DCBC
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 10962457c576333cd0f0c6831af12a872a31bc2827ac75ec367a4b9d71bd9fa8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1ce9fea185d0907894dd2454a0082b3a63b781d0b9f5db184e1054d9b23f96da
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10962457c576333cd0f0c6831af12a872a31bc2827ac75ec367a4b9d71bd9fa8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2410272940206BADB04BB659C87FBF37ACEF46710F144069FA05A61C2EB749A01D7B5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C6CC64
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00C6CC8D
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C6CD48
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00C6CCAA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00C6CCBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C6CCCF
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00C6CD05
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00C6CD28
                                                                                                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00C6CCF3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4480ae1eee3e2dbf829556da7127c00bdf9a3068a481cb7d26b4e6dcf9417bcf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a35b9e9a2320a94e88bbf7c95841a88a91786191676cda7e8eda8c8eb3728a84
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4480ae1eee3e2dbf829556da7127c00bdf9a3068a481cb7d26b4e6dcf9417bcf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89315C71A01129BBDB309B55DCC8FFFBB7CEF46750F000169E95AE2240DB349A859AE0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C53D40
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C53D6D
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00C53D9D
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00C53DBE
                                                                                                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00C53DCE
                                                                                                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00C53E55
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C53E60
• CloseHandle.KERNEL32(00000000), ref: 00C53E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: ab619d6950f6bcdf270fe31b57bc4a2e6184a731854d975e0ac2df2c85328acb
• Instruction ID: df9b0e584f0d6f6f01151436f5ee7e7fe8e24080817fab32dfbb9d654f11963a
• Opcode Fuzzy Hash: ab619d6950f6bcdf270fe31b57bc4a2e6184a731854d975e0ac2df2c85328acb
• Instruction Fuzzy Hash: 5531A57651014AABDB219BA0DC89FEF37BCEF88741F1040B9F919D6061E77497888B24
APIs
• timeGetTime.WINMM ref: 00C4E6B4
  • Part of subcall function 00BFE551: timeGetTime.WINMM(?,?,00C4E6D4), ref: 00BFE555
• Sleep.KERNEL32(0000000A), ref: 00C4E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00C4E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00C4E727
• SetActiveWindow.USER32 ref: 00C4E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00C4E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00C4E773
• Sleep.KERNEL32(000000FA), ref: 00C4E77E
• IsWindow.USER32 ref: 00C4E78A
• EndDialog.USER32(00000000), ref: 00C4E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 2f839a104b272234f85dad8d096fab7292ec8d963ef81c83e2ca35df53ade1cd
• Instruction ID: ec921cf886b0ea107fdad5db2308994a9a7e87285bab8fadac40f623356db315
• Opcode Fuzzy Hash: 2f839a104b272234f85dad8d096fab7292ec8d963ef81c83e2ca35df53ade1cd
• Instruction Fuzzy Hash: F621A2B0640606AFEB005F70ECCAF2E3B69F754399F161529F91AC21B1DB71AC409B24
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00C4EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00C4EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C4EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00C4EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00C4EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: a5722002af5e5df5cbe32f4655613be1b66a65b06f1ec92efc9be86b1df0141c
• Instruction ID: e75e6da5ac5d3a840037f269fcf9832b366b17a469f0deeea21e9c3ac63b7453
• Opcode Fuzzy Hash: a5722002af5e5df5cbe32f4655613be1b66a65b06f1ec92efc9be86b1df0141c
• Instruction Fuzzy Hash: CB112131A5026A79D720A7B2DC4AEFF6ABCFBD2F44F4504797811A20D1EFB05A45C5B0
APIs
• GetKeyboardState.USER32(?), ref: 00C4A012
• SetKeyboardState.USER32(?), ref: 00C4A07D
• GetAsyncKeyState.USER32(000000A0), ref: 00C4A09D
• GetKeyState.USER32(000000A0), ref: 00C4A0B4
• GetAsyncKeyState.USER32(000000A1), ref: 00C4A0E3
• GetKeyState.USER32(000000A1), ref: 00C4A0F4
• GetAsyncKeyState.USER32(00000011), ref: 00C4A120
• GetKeyState.USER32(00000011), ref: 00C4A12E
• GetAsyncKeyState.USER32(00000012), ref: 00C4A157
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000012), ref: 00C4A165
                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(0000005B), ref: 00C4A18E
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(0000005B), ref: 00C4A19C
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e80ca6a9ecd0dee398bb526a6e54881d5f4b3417fb158ff112ea58be5f182caa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fd2af060b3f923d31a105702c01a2d2328b1f568ffe7b0071a8feab476adfce6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e80ca6a9ecd0dee398bb526a6e54881d5f4b3417fb158ff112ea58be5f182caa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1351FA309447986AFB35DBA088507EFBFB5BF12380F08459DD5D2571C2DA64AB8CC762
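The function above is the one behind the "retrieve information about pressed keystrokes" signature in the overview. Reading the arguments matters for triage: the virtual-key codes it polls (0xA0, 0xA1, 0x11, 0x12, 0x5B) are VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN, i.e. only modifier keys, bracketed by a GetKeyboardState/SetKeyboardState pair. That pattern is what keystroke-injection code needs (read and restore modifier state before sending input; the overview also flags "simulate keystroke presses"), and in a compiled AutoIt executable such a routine is most likely interpreter runtime rather than the script's own logic. Polling modifier keys alone is therefore not evidence of a keylogger; a keylogger polls letters, digits and the full VK range. The following Python is an added triage helper, not part of the Joe Sandbox report: it parses API lines in the report's own "• Api.MODULE(args), ref: addr" layout, resolves the VK codes using the documented Windows SDK constants, and applies a heuristic classification that is my own (the sample listing is copied from the block above; the second listing is constructed).

```python
import re
from typing import Dict, List

# Constructed sample: the API lines of the function listed above, in the
# layout Joe Sandbox's IDA plugin uses.
SAMPLE_LISTING = """\
• GetKeyboardState.USER32(?), ref: 00C4A012
• SetKeyboardState.USER32(?), ref: 00C4A07D
• GetAsyncKeyState.USER32(000000A0), ref: 00C4A09D
• GetKeyState.USER32(000000A0), ref: 00C4A0B4
• GetAsyncKeyState.USER32(000000A1), ref: 00C4A0E3
• GetKeyState.USER32(000000A1), ref: 00C4A0F4
• GetAsyncKeyState.USER32(00000011), ref: 00C4A120
• GetKeyState.USER32(00000011), ref: 00C4A12E
• GetAsyncKeyState.USER32(00000012), ref: 00C4A157
• GetKeyState.USER32(00000012), ref: 00C4A165
• GetAsyncKeyState.USER32(0000005B), ref: 00C4A18E
• GetKeyState.USER32(0000005B), ref: 00C4A19C
"""

# Constructed counter-example (hypothetical, not from the report): a loop that
# polls letter keys, which is what a real keylogger's polling routine looks like.
KEYLOGGER_LISTING = """\
• GetAsyncKeyState.USER32(00000041), ref: 00401010
• GetAsyncKeyState.USER32(00000042), ref: 00401020
• GetAsyncKeyState.USER32(00000010), ref: 00401030
"""

# Matches "Api.MODULE(arg1,arg2), ref: ADDR"; also works on the indented
# "Part of subcall function ...:" lines because we search, not anchor.
API_LINE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Modifier virtual-key codes from the Windows SDK (winuser.h).
VK_NAMES: Dict[int, str] = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
    0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}
MODIFIER_VKS = set(VK_NAMES)
KEY_POLL_APIS = {"GetAsyncKeyState", "GetKeyState"}


def vk_name(vk: int) -> str:
    """Human-readable name for a virtual-key code (digits/letters map to their ASCII value)."""
    if vk in VK_NAMES:
        return VK_NAMES[vk]
    if 0x30 <= vk <= 0x39 or 0x41 <= vk <= 0x5A:
        return "VK_" + chr(vk)
    return "VK_0x%02X" % vk


def parse_api_lines(text: str) -> List[dict]:
    """Parse report-style API lines into dicts; unparsable lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw_args = m.group("args").strip()
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        calls.append({
            "api": m.group("api"),
            "module": m.group("mod"),
            "args": args,
            "ref": int(m.group("ref"), 16),
            "subcall": "subcall" in line,   # listed as part of a called function
        })
    return calls


def polled_keys(calls: List[dict]) -> List[int]:
    """Virtual-key codes passed as the first (constant) argument to key-polling APIs."""
    keys = []
    for c in calls:
        if c["api"] in KEY_POLL_APIS and c["args"] and c["args"][0] != "?":
            keys.append(int(c["args"][0], 16))
    return keys


def classify(calls: List[dict]) -> str:
    """Heuristic verdict (mine, not Joe Sandbox's): modifier-only polling is
    typical of keystroke-injection helpers; anything else deserves a closer look."""
    vks = set(polled_keys(calls))
    if not vks:
        return "no-key-polling"
    if vks <= MODIFIER_VKS:
        return "modifier-state-only"
    return "polls-non-modifier-keys"


def summarize(text: str) -> dict:
    calls = parse_api_lines(text)
    return {
        "calls": len(calls),
        "keys": [vk_name(v) for v in sorted(set(polled_keys(calls)))],
        "verdict": classify(calls),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LISTING))
    print(summarize(KEYLOGGER_LISTING))
```

The function above classifies as modifier-state-only; confirming that is cheaper than stepping through the routine, and it tells you to look at the "simulate keystroke presses" functions rather than this one when hunting for credential theft.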
APIs
• GetDlgItem.USER32(?,00000001), ref: 00C45CE2
• GetWindowRect.USER32(00000000,?), ref: 00C45CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00C45D59
• GetDlgItem.USER32(?,00000002), ref: 00C45D69
• GetWindowRect.USER32(00000000,?), ref: 00C45D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00C45DCF
• GetDlgItem.USER32(?,000003E9), ref: 00C45DDD
• GetWindowRect.USER32(00000000,?), ref: 00C45DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00C45E31
• GetDlgItem.USER32(?,000003EA), ref: 00C45E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00C45E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00C45E67
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: f4967614e750084bb2fbf88bc64e7069d841d76c14f55e9479a9cfb1aafcf7f4
• Instruction ID: f4539f1f30f70162f436b44f656efe42e846d2b23adaa438f55d43312499784e
• Opcode Fuzzy Hash: f4967614e750084bb2fbf88bc64e7069d841d76c14f55e9479a9cfb1aafcf7f4
• Instruction Fuzzy Hash: C051FDB1A00616AFDB18CF68DD89BAEBBB5FF48300F548129F919E6291D7709E44CB50
APIs
  • Part of subcall function 00BF8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00BF8BE8,?,00000000,?,?,?,?,00BF8BBA,00000000,?), ref: 00BF8FC5
• DestroyWindow.USER32(?), ref: 00BF8C81
• KillTimer.USER32(00000000,?,?,?,?,00BF8BBA,00000000,?), ref: 00BF8D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00C36973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00BF8BBA,00000000,?), ref: 00C369A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00BF8BBA,00000000,?), ref: 00C369B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00BF8BBA,00000000), ref: 00C369D4
• DeleteObject.GDI32(00000000), ref: 00C369E6
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 71c44438e95ace4c1f4543c6430331a4270fd44ccef031756dfbbbf1ce36f052
• Instruction ID: 10c4bea1942d15118c07b93bea38272f2306924e62e04128eebb04a774005942
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71c44438e95ace4c1f4543c6430331a4270fd44ccef031756dfbbbf1ce36f052
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6261CC30412708EFCB259F14D998B3977F1FB40312F18866CE6569B9A0CB31AA94DF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9944: GetWindowLongW.USER32(?,000000EB), ref: 00BF9952
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00BF9862
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 80e537e1ff8f6f213920129cc220b28b3ac1b16e20c7f0d5c6a2a692c65f90f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8744789309d89f434ea5f1d79cc5223475ef88dbca925345b12123d4ce265c9f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80e537e1ff8f6f213920129cc220b28b3ac1b16e20c7f0d5c6a2a692c65f90f4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A41AD31104648AFDB305F389C88BBD3BA5EB463B0F544699FAB68B1E1C7719D86DB10
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00C2F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00C49717
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00C2F7F8,00000001), ref: 00C49720
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00C2F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00C49742
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00C2F7F8,00000001), ref: 00C49745
                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00C49866
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bc0a66edf8bf41a4084392d4b06a9004c2eca50df988e0c674861c9c8003c478
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c329c1186419736c986fef0653114564a4b8f80d31c318c50a7635f48f41d802
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc0a66edf8bf41a4084392d4b06a9004c2eca50df988e0c674861c9c8003c478
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83415172800259AACF14FBE1CD86EEE77B8EF55740F6400A5F60572092EB356F49CB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
                                                                                                                                                                                                                                                                                                                                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00C407A2
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00C407BE
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00C407DA
                                                                                                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00C40804
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00C4082C
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C40837
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C4083C
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 0754d288792f798c72b54aca9d03ddeb809a9d0b9a501a5494e84a9728ff4f5b
• Instruction ID: 079b1c69be856c95499699a1536592524c93dbf0129b844ad809ce49cb1a3a84
• Opcode Fuzzy Hash: 0754d288792f798c72b54aca9d03ddeb809a9d0b9a501a5494e84a9728ff4f5b
• Instruction Fuzzy Hash: F6413B72C10229ABCF11EFA4DC85DEEB7B8FF44750F144169E915A71A1EB30AE44CBA0
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C7403B
• CreateCompatibleDC.GDI32(00000000), ref: 00C74042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C74055
• SelectObject.GDI32(00000000,00000000), ref: 00C7405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00C74068
• DeleteDC.GDI32(00000000), ref: 00C74072
• GetWindowLongW.USER32(?,000000EC), ref: 00C7407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00C74092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00C7409E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: 0492a35db769975299a31de445a5814ed2ea6dd941a9465d7c119114adfb90ca
• Instruction ID: fa5e2dd04dee76e876092ce6bd4a2b7e1b0091cb450f4c7e56dbf41488a9c447
• Opcode Fuzzy Hash: 0492a35db769975299a31de445a5814ed2ea6dd941a9465d7c119114adfb90ca
• Instruction Fuzzy Hash: D2316C32501216ABDF219FA4DC89FDE3BA8FF0D760F114215FA29A61A0C775D950DB90
APIs
• VariantInit.OLEAUT32(?), ref: 00C63C5C
• CoInitialize.OLE32(00000000), ref: 00C63C8A
• CoUninitialize.OLE32 ref: 00C63C94
• _wcslen.LIBCMT ref: 00C63D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00C63DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00C63ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00C63F0E
• CoGetObject.OLE32(?,00000000,00C7FB98,?), ref: 00C63F2D
• SetErrorMode.KERNEL32(00000000), ref: 00C63F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C63FC4
• VariantClear.OLEAUT32(?), ref: 00C63FD8
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: c3022a433f57fe6fc0337e75593c4cb9274f58a256e0aa21361e834a800a48b2
• Instruction ID: 9b4b8c0fb7c69c56f08f7dbbee9f3133f19be21102dd0223c619cbe2de7da5dc
• Opcode Fuzzy Hash: c3022a433f57fe6fc0337e75593c4cb9274f58a256e0aa21361e834a800a48b2
• Instruction Fuzzy Hash: 04C14371608241AFC710DF69C8C492BBBE9FF89744F10495DF98A9B250DB31EE45CB62
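The two function entries above (the GDI pixel-read chain ending in SetLayeredWindowAttributes, and the OLE chain through GetRunningObjectTable / CoGetInstanceFromFile / CoGetObject) are easier to triage when the per-function API listing is pulled out of the report into structured records. The parser below is an added example, not part of the Joe Sandbox report or of its IDA plugin: it reads the "APIs" lines in the format shown on this page, groups them per function, and tags each function with the chain heuristics in CHAIN_RULES, which are this editor's own assumptions about what is worth a second look, not Joe Sandbox categories. The sample input is constructed by copying the two entries above.

```python
"""Parse the per-function 'APIs' listing of a Joe Sandbox report into records.

Added example; the chain rules are the editor's own triage heuristics
(an assumption), not categories defined by Joe Sandbox.
"""
import re
from collections import Counter

# Constructed sample: the two 'APIs' entries from the report text above.
SAMPLE = """\
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C7403B
• CreateCompatibleDC.GDI32(00000000), ref: 00C74042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C74055
• SelectObject.GDI32(00000000,00000000), ref: 00C7405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00C74068
• DeleteDC.GDI32(00000000), ref: 00C74072
• GetWindowLongW.USER32(?,000000EC), ref: 00C7407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00C74092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00C7409E
Strings
Memory Dump Source
APIs
• VariantInit.OLEAUT32(?), ref: 00C63C5C
• CoInitialize.OLE32(00000000), ref: 00C63C8A
• CoUninitialize.OLE32 ref: 00C63C94
• _wcslen.LIBCMT ref: 00C63D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00C63DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00C63ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00C63F0E
• CoGetObject.OLE32(?,00000000,00C7FB98,?), ref: 00C63F2D
• SetErrorMode.KERNEL32(00000000), ref: 00C63F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C63FC4
• VariantClear.OLEAUT32(?), ref: 00C63FD8
Memory Dump Source
"""

# One report line: "• Api.MODULE(arg,arg), ref: ADDR" (parens and comma optional,
# as in "CoUninitialize.OLE32 ref: 00C63C94").
API_LINE = re.compile(
    r"^•?\s*(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Editor's triage heuristics (assumption): a function is tagged when it
# contains every API named in the rule.
CHAIN_RULES = {
    "screen pixel read via offscreen DC": {"CreateCompatibleDC", "SelectObject", "GetPixel"},
    "layered/transparent window": {"SetLayeredWindowAttributes"},
    "COM object acquired from file or moniker": {"CoGetInstanceFromFile", "CoGetObject"},
    "running object table lookup": {"GetRunningObjectTable"},
    "shell folder browsing": {"SHBrowseForFolderW"},
}


def parse_functions(text):
    """Return one dict per 'APIs' block: calls, start address, module counts, tags."""
    funcs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"calls": []}
            funcs.append(current)
            continue
        if current is None or not line:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args")
            current["calls"].append({
                "api": m.group("api"),
                "module": m.group("module"),
                "args": args.split(",") if args is not None else [],
                "ref": int(m.group("ref"), 16),
            })
        elif not line.startswith("•"):
            # Any other header ("Strings", "Memory Dump Source") closes the call list.
            current = None
    for f in funcs:
        apis = {c["api"] for c in f["calls"]}
        f["start"] = min(c["ref"] for c in f["calls"]) if f["calls"] else None
        f["modules"] = Counter(c["module"] for c in f["calls"])
        f["tags"] = [name for name, need in CHAIN_RULES.items() if need <= apis]
    return funcs


def summarize(funcs):
    """One line per function: first call address, module mix, heuristic tags."""
    out = []
    for f in funcs:
        mods = ", ".join(f"{m}:{n}" for m, n in sorted(f["modules"].items()))
        out.append(f"{f['start']:08X}  [{mods}]  {'; '.join(f['tags']) or '-'}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_functions(SAMPLE))))
```

The start address is the lowest `ref` in the block, which is only the first call site, not the function entry; the real function start is what the "Opcode ID" entry in the report identifies, so treat it as a locator for grepping the listing rather than an address to pivot on.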
APIs
• CoInitialize.OLE32(00000000), ref: 00C57AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00C57B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00C57BA3
• CoCreateInstance.OLE32(00C7FD08,00000000,00000001,00CA6E6C,?), ref: 00C57BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00C57C74
• CoTaskMemFree.OLE32(?,?), ref: 00C57CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00C57D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00C57D7A
• CoTaskMemFree.OLE32(00000000), ref: 00C57D81
• CoTaskMemFree.OLE32(00000000), ref: 00C57DD6
• CoUninitialize.OLE32 ref: 00C57DDC
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 079845340419caa3f5b8bb361a3b6db1cf286a3a1704df004ceeabf3deac73da
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f1efb2038e7b7a96a3b5d38ff62edc9a162453ec402a095b8d4e428beacadf5f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 079845340419caa3f5b8bb361a3b6db1cf286a3a1704df004ceeabf3deac73da
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAC12C75A04109AFCB14DFA4D888DAEBBF9FF48305B148598F8199B361D730EE85CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00C75504
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C75515
                                                                                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000158), ref: 00C75544
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00C75585
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00C7559B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C755AC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6335ecb0308ffa3105b3e16d96ed351684ecf918d808bb219ee3c014ef6339eb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7c34bb2b1f39062136d870c7be004a2bd1577f751cbc886dff9e398ef7563672
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6335ecb0308ffa3105b3e16d96ed351684ecf918d808bb219ee3c014ef6339eb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85617E70904609EFDF109F95CC85AFE7BB9EB09760F10C149FA29A7290D7B49A81DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00C3FAAF
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 00C3FB08
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00C3FB1A
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 00C3FB3A
                                                                                                                                                                                                                                                                                                                                                                                • VariantCopy.OLEAUT32(?,?), ref: 00C3FB8D
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 00C3FBA1
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00C3FBB6
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 00C3FBC3
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C3FBCC
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00C3FBDE
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C3FBE9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5b1e600d6c252e099bcbd9a694332d9d4c584d425ecec0f1c5d23cc029bb23d0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1733b21800395f014d36eef0e5ce9eb48ef7262c0fcf8fd7f6d27637c3d742e5
• Opcode Fuzzy Hash: 5b1e600d6c252e099bcbd9a694332d9d4c584d425ecec0f1c5d23cc029bb23d0
• Instruction Fuzzy Hash: A9414275E102199FCB00DF64D898ABEBBB9EF48344F008469E959A7261D734AA46CF90
APIs
• GetKeyboardState.USER32(?), ref: 00C49CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00C49D22
• GetKeyState.USER32(000000A0), ref: 00C49D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00C49D57
• GetKeyState.USER32(000000A1), ref: 00C49D6C
• GetAsyncKeyState.USER32(00000011), ref: 00C49D84
• GetKeyState.USER32(00000011), ref: 00C49D96
• GetAsyncKeyState.USER32(00000012), ref: 00C49DAE
• GetKeyState.USER32(00000012), ref: 00C49DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00C49DD8
• GetKeyState.USER32(0000005B), ref: 00C49DEA
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: b875b26966ce653a0fa4532db0c71ce472a3fbfc6896c0b277a3982adb50cbe3
• Instruction ID: 8ae20c0dcdc209ffe54ca4f9bc6b85df6b66f27e196ae22033238354c492063a
• Opcode Fuzzy Hash: b875b26966ce653a0fa4532db0c71ce472a3fbfc6896c0b277a3982adb50cbe3
• Instruction Fuzzy Hash: 7D41D5349047EA6DFF308A6488447B7BEA0FB11344F04805EDAD6565C2DBB59BC8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00C605BC
• inet_addr.WSOCK32(?), ref: 00C6061C
• gethostbyname.WSOCK32(?), ref: 00C60628
• IcmpCreateFile.IPHLPAPI ref: 00C60636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00C606C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00C606E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00C607B9
• WSACleanup.WSOCK32 ref: 00C607BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: bb0ca396c2c6710e671791431b99d8aa5e209f20b5d23534607af543fdafbcd4
• Instruction ID: 66d3eb8021fdac66a8dd881447cf20b2694b5de08a49c98e62abdd7e7f1845b2
• Opcode Fuzzy Hash: bb0ca396c2c6710e671791431b99d8aa5e209f20b5d23534607af543fdafbcd4
• Instruction Fuzzy Hash: 63917C756082419FD720DF15D8C9F1BBBE0AF44318F2485A9F46AAB6A2C730ED85CF91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 805b176f3bf27aa8e35d2d89f3038238718aa504be8cde3fcc792c313f30f5a2
• Instruction ID: da43f3b4bd5de26cd5c6184737b33e19423357665dfff2050beb5b70b474f230
• Opcode Fuzzy Hash: 805b176f3bf27aa8e35d2d89f3038238718aa504be8cde3fcc792c313f30f5a2
• Instruction Fuzzy Hash: D051BF75A001179BCF24DF68C8909BEB3E5BF65724B204329E926E72C0DB31DE48C790
APIs
• CoInitialize.OLE32 ref: 00C63774
• CoUninitialize.OLE32 ref: 00C6377F
• CoCreateInstance.OLE32(?,00000000,00000017,00C7FB78,?), ref: 00C637D9
• IIDFromString.OLE32(?,?), ref: 00C6384C
• VariantInit.OLEAUT32(?), ref: 00C638E4
• VariantClear.OLEAUT32(?), ref: 00C63936
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1d2bce6901b1eadea08dffb82069eeabce9e2f7ebf9d2a29a5a38db21433eaba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6576fffded3d3df7bc9e59b0d1e276a2c893a380faca0231e64846f1c4ebc1e4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d2bce6901b1eadea08dffb82069eeabce9e2f7ebf9d2a29a5a38db21433eaba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7561A3706083419FD320DF65C889BAAB7E4EF49714F10095EF9959B291D770EE48CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00C533CF
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00C533F0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 177bfb4452b58cc4138f321d45e7fb104145472def4f0f8b37657f78ab9ab8ca
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e01b95c734aafa7b9fabc76f4889f5e3447a1c0fef0df20bc127af0665d28d66
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 177bfb4452b58cc4138f321d45e7fb104145472def4f0f8b37657f78ab9ab8ca
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D51B13190024AAADF15EBE1CD46EEEB7F8EF14740F6441A5F90572062EB312F98DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e6ac6354099e8db8793e4c3f2ccfb2b2930ddb5571d356d06f103007d0585e53
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 30ddebf781b5dbb85c3d24e9948bc05d2b12a2be0296e701e33776487fc71786
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6ac6354099e8db8793e4c3f2ccfb2b2930ddb5571d356d06f103007d0585e53
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D41E532A000279ACB249F7DC8905FEB7B5BFA1758B264129F935DB284E731CE81C790
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00C553A0
                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00C55416
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00C55420
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00C554A7
                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 429b20b579d54585a7bb6e3358be21f9141b0cb121e64a9828802e311891d3b5
• Instruction ID: e7e384585c9476487a0867483baefa483fd77e61f2381b7ac6f57f4e048ff557
• Opcode Fuzzy Hash: 429b20b579d54585a7bb6e3358be21f9141b0cb121e64a9828802e311891d3b5
• Instruction Fuzzy Hash: 0F31A279A005059FDB10DF69C494BAD7BF4EF0530AF188069E815CB292D731DECACB90
APIs
• CreateMenu.USER32 ref: 00C73C79
• SetMenu.USER32(?,00000000), ref: 00C73C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C73D10
• IsMenu.USER32(?), ref: 00C73D24
• CreatePopupMenu.USER32 ref: 00C73D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C73D5B
• DrawMenuBar.USER32 ref: 00C73D63
Strings
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 7f58d84ddc75dab347d83c20de89c42e7f8940165d7552898bfbb66e1f7fccd5
• Instruction ID: a9f26a2b18e8125892e64363e24f3d85256f3a99d0b7e5b1dadc337c17f62421
• Opcode Fuzzy Hash: 7f58d84ddc75dab347d83c20de89c42e7f8940165d7552898bfbb66e1f7fccd5
• Instruction Fuzzy Hash: 60418C74A0120AAFDB24CF64D888B9E7BB5FF49350F14402CE95AA7360D771AA10DB90
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00C41F64
• GetDlgCtrlID.USER32 ref: 00C41F6F
• GetParent.USER32 ref: 00C41F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00C41F8E
• GetDlgCtrlID.USER32(?), ref: 00C41F97
• GetParent.USER32(?), ref: 00C41FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00C41FAE
Strings
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 76cccec2da7e996954c6347421a643c13866298f4e9b6600df9b1e2550c339a5
• Instruction ID: d5848a62fb8c903eda199115b50f3432f90692225f20a2773981a66c223bf7d0
• Opcode Fuzzy Hash: 76cccec2da7e996954c6347421a643c13866298f4e9b6600df9b1e2550c339a5
• Instruction Fuzzy Hash: 3521BE70900214BBDF04AFA1DCC5AEEBBB8FF06350B104159B9A5A72A1DB355A899B60
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00C42043
• GetDlgCtrlID.USER32 ref: 00C4204E
• GetParent.USER32 ref: 00C4206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00C4206D
• GetDlgCtrlID.USER32(?), ref: 00C42076
• GetParent.USER32(?), ref: 00C4208A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00C4208D
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b710fd33f71a629366190ef402d63bdad1fa0dd282fa1c887c5981dd4347ee3e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dc1ddfce09fc550fc85c9f622cf32d13bd8fb836aa3dbd034f17e3fcb0d19ebc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b710fd33f71a629366190ef402d63bdad1fa0dd282fa1c887c5981dd4347ee3e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4B21BE71900214BBCB10AFA0DCC5BEEBBB8FB05340F104459B955A72A1DB758958DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00C73A9D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00C73AA0
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C73AC7
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C73AEA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00C73B62
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00C73BAC
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00C73BC7
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00C73BE2
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00C73BF6
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00C73C13
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a6a97e11bb7b397c6c1bbf94fd024bbec81336b945b9568659f3545c29ec96f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f0248e1bb406eb559be882a0424daada7ac17a6b0984eeefcee9640c315d8914
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a6a97e11bb7b397c6c1bbf94fd024bbec81336b945b9568659f3545c29ec96f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55617B75900288AFDB11DFA8CC81FEE77F8EB09710F144199FA19A72A1D770AE41EB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00C4B151
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B165
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 00C4B16C
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B17B
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 00C4B18D
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B1A6
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B1B8
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B1FD
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B212
                                                                                                                                                                                                                                                                                                                                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00C4A1E1,?,00000001), ref: 00C4B21D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 59dfc8d5bb6a2d1933a21ed2af85002a29b5cd14ed941cfbef54e541dfb7c97f
• Instruction ID: 8051984b16a18f2e9527d5fb36dee1bd2994044e86af5fa3daf3f15a085b2e66
• Opcode Fuzzy Hash: 59dfc8d5bb6a2d1933a21ed2af85002a29b5cd14ed941cfbef54e541dfb7c97f
• Instruction Fuzzy Hash: D1318B75540209BFDB20AF64EC98BAE7BADBF51311F104119FA29D6190D7B8DE808F60
APIs
• _free.LIBCMT ref: 00C12C94
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C12CA0
• _free.LIBCMT ref: 00C12CAB
• _free.LIBCMT ref: 00C12CB6
• _free.LIBCMT ref: 00C12CC1
• _free.LIBCMT ref: 00C12CCC
• _free.LIBCMT ref: 00C12CD7
• _free.LIBCMT ref: 00C12CE2
• _free.LIBCMT ref: 00C12CED
• _free.LIBCMT ref: 00C12CFB
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 4c0e586c978e3b6bf74d57f3f1907b529b32149ddf5c616a8a41cf400bfba400
• Instruction ID: 4c9b611f93b7a807d6a5a116c26d2198b51f80b88023efd88ab111ca6ea01e4b
• Opcode Fuzzy Hash: 4c0e586c978e3b6bf74d57f3f1907b529b32149ddf5c616a8a41cf400bfba400
• Instruction Fuzzy Hash: 8B11477A510108AFCB02EF58D942CDD3BA5FF06360F5145A5FA495F222D631EEB0BB90
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C57FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C57FC1
• GetFileAttributesW.KERNEL32(?), ref: 00C57FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00C58005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C58017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00C58060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C580B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 983b63ecd545cd02ce9f338e0f0d718c096c4f0e18125a8e32ce324abe556f44
• Instruction ID: 5a2c4233c6c6bb664dca4bfa7146dc6ceefd382fa2816c63d2aad39a8bb2aa4e
• Opcode Fuzzy Hash: 983b63ecd545cd02ce9f338e0f0d718c096c4f0e18125a8e32ce324abe556f44
• Instruction Fuzzy Hash: 2E81DE755083419FCB20EE15C881AAEB3E8AB88311F14495EFC99D7250EB74DECD8B96
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00BE5C7A
  • Part of subcall function 00BE5D0A: GetClientRect.USER32(?,?), ref: 00BE5D30
  • Part of subcall function 00BE5D0A: GetWindowRect.USER32(?,?), ref: 00BE5D71
  • Part of subcall function 00BE5D0A: ScreenToClient.USER32(?,?), ref: 00BE5D99
• GetDC.USER32 ref: 00C246F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00C24708
• SelectObject.GDI32(00000000,00000000), ref: 00C24716
• SelectObject.GDI32(00000000,00000000), ref: 00C2472B
• ReleaseDC.USER32(?,00000000), ref: 00C24733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00C247C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: U
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5e11ece0e35d633eb47e00fac6546a5eba78053d576482253086b7b6bc697ede
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 63d15af2aa0c6a2c7c34ccbe12e2361f7f22e93e8c237dc6b044fdb4463a6568
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5e11ece0e35d633eb47e00fac6546a5eba78053d576482253086b7b6bc697ede
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6710F30500205DFCF298F64D984ABE3BB1FF4A324F2842A9FD665A2A6C3319981DF50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00C535E4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00CB2390,?,00000FFF,?), ref: 00C5360A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d76ba2139ab05a71506d890505e8a10ae95ed132825714c509302bcc7ad17aaa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9aca0757e011f3ae5a3f686c8cbb8c4563669d1fdca419ceec7b70f538c4e893
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d76ba2139ab05a71506d890505e8a10ae95ed132825714c509302bcc7ad17aaa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1518F71C0028AABCF15EBA1CC42EEEBBB8EF14381F584165F505721A1EB301BD9DB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF912D: GetCursorPos.USER32(?), ref: 00BF9141
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF912D: ScreenToClient.USER32(00000000,?), ref: 00BF915E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF912D: GetAsyncKeyState.USER32(00000001), ref: 00BF9183
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF912D: GetAsyncKeyState.USER32(00000002), ref: 00BF919D
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00C78B6B
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_EndDrag.COMCTL32 ref: 00C78B71
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 00C78B77
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00000000), ref: 00C78C12
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00C78C25
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00C78CFF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0787c01453e673bbe08c9ad3cb389d4d984a5a568fd93101f64ab5744bd45afe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0bc5c2e3fe9179150135f10702251d3c4fdbd6cca679f21f7f4bf5a7b2b3da54
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0787c01453e673bbe08c9ad3cb389d4d984a5a568fd93101f64ab5744bd45afe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9518C71504244AFD704DF24CC9ABAE77E4FB88714F40066DF95A972E1CB719A48CB62
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C5C272
                                                                                                                                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C5C29A
                                                                                                                                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C5C2CA
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00C5C322
• SetEvent.KERNEL32(?), ref: 00C5C336
• InternetCloseHandle.WININET(00000000), ref: 00C5C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 2851cf2a2620d468978266dc52febff02c445d626807e838679b163764d18f93
• Instruction ID: 81a0dc7d3cd46d18c56d9382ea912417be3d611a19130f7da04063e8d3dcef77
• Opcode Fuzzy Hash: 2851cf2a2620d468978266dc52febff02c445d626807e838679b163764d18f93
• Instruction Fuzzy Hash: CD318DB5500308AFD7219F658CC8BAF7AFCEB49741F10851DF85AD2210DB34DD889B64
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00C23AAF,?,?,Bad directive syntax error,00C7CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00C498BC
• LoadStringW.USER32(00000000,?,00C23AAF,?), ref: 00C498C3
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00C49987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: d509bf8e2a7d777b522a6e9c887e127f89ea9b59509c5ddfce58e37ee99d8708
• Instruction ID: 2731ddb15a0d565ce0ae7ada245fcaa6db2eb50767aa04820ece3aea0f2a5f9a
• Opcode Fuzzy Hash: d509bf8e2a7d777b522a6e9c887e127f89ea9b59509c5ddfce58e37ee99d8708
• Instruction Fuzzy Hash: 3A21913180025EEBCF15EF90CC4AEEE77B5FF18704F0844A9F519660A2EB719A58DB20
APIs
• GetParent.USER32 ref: 00C420AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00C420C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00C4214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: f8b888dee3e6feb94cb289e8f3c415fa1987db9ef8b900a02438cb162a1e8a9c
• Instruction ID: 49dac21fb24b0de678f926c74e47aa32e87ab9ad028ee957a8dff61d68a52cf8
• Opcode Fuzzy Hash: f8b888dee3e6feb94cb289e8f3c415fa1987db9ef8b900a02438cb162a1e8a9c
• Instruction Fuzzy Hash: 7E112C76688707BAF7053225EC07EEF379CEF05725B60402AF705A50D1FE655D416624
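The function records above are useful for triage only if the "APIs" listings can be pulled out of the report and searched as call sequences rather than read one bullet at a time. The following is an added example, not part of the Joe Sandbox report or of its tooling: a small Python parser for the "• Name.MODULE(args), ref: ADDR" and "Part of subcall function" line formats used in these records, with a few tags layered on top (a WININET call, the ">>>AUTOIT SCRIPT<<<" string on the AutoIt runtime's error path, a MessageBoxW, and a SendMessageW carrying WM_COMMAND, which is the Win32 constant 0x0111 seen in the third record). The sample input is the three records printed above, copied as constructed test data; the first is partial because only its last two calls are on this page. The regexes, the tag names and the record/call data classes are this example's own assumptions, not anything the report defines.

```python
"""Parse Joe Sandbox per-function 'APIs' listings and tag notable call patterns."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the API-call lines of the three function records
# shown in the report above, in Joe Sandbox's "• Name.MODULE(args), ref: ADDR"
# format. The first record is partial; only its last two calls are on this page.
SAMPLE_REPORT = """\
APIs
• SetEvent.KERNEL32(?), ref: 00C5C336
• InternetCloseHandle.WININET(00000000), ref: 00C5C341
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00C23AAF,?,?,Bad directive syntax error,00C7CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00C498BC
• LoadStringW.USER32(00000000,?,00C23AAF,?), ref: 00C498C3
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00C49987
APIs
• GetParent.USER32 ref: 00C420AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00C420C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00C4214D
"""

# Assumed line formats (derived by eye from the records above, not a published grammar).
CALL_RE = re.compile(
    r"^\s*•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*?)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
SUBCALL_RE = re.compile(
    r"^\s*•\s*Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*"
    r"(?P<name>\w+)\.(?P<module>\w+)\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

WM_COMMAND = 0x0111  # Win32 message constant; it is the second SendMessageW argument above


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # set when the call was reported via a subcall


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)

    def tags(self):
        """Return the notable patterns visible in this record's API calls (tag names are ours)."""
        found = set()
        for c in self.calls:
            if c.module.upper() == "WININET":
                found.add("network:wininet")
            if any(">>>AUTOIT SCRIPT<<<" in a for a in c.args):
                found.add("autoit:runtime-error-path")
            if c.name == "MessageBoxW":
                found.add("ui:messagebox")
            if c.name == "SendMessageW" and len(c.args) >= 2 and _hexval(c.args[1]) == WM_COMMAND:
                found.add("ui:wm_command-to-window")
        return found


def _hexval(token: str) -> Optional[int]:
    """Parse a hex argument; unknown values are rendered as '?' in the report."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_report(text: str) -> List[FunctionRecord]:
    """Split the text at each 'APIs' header and parse the bullet lines beneath it."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue  # text before the first header (e.g. the tail of an earlier record)
        m = SUBCALL_RE.match(line)
        if m:
            current.calls.append(ApiCall(m["name"], m["module"], [], m["ref"].upper(), m["caller"].upper()))
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"].upper()))
    return records


def analyze(text: str):
    """Return, per record, the ordered call names and the sorted tags."""
    return [{"calls": [c.name for c in r.calls], "tags": sorted(r.tags())} for r in parse_report(text)]


if __name__ == "__main__":
    for i, rec in enumerate(analyze(SAMPLE_REPORT)):
        print(i, " -> ".join(rec["calls"]), rec["tags"])
```

The tags deliberately stay at the level of what the listing shows: a WININET call says "this function touches the network", not "this is the C2 channel", and the ">>>AUTOIT SCRIPT<<<" argument only marks the AutoIt runtime's own error-reporting path (the same function carries the "Line %d (File "%s"):" format strings), which is expected in any compiled AutoIt binary and is not by itself evidence of malicious behaviour.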
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• API String ID: 1282221369-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00C36890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00C368A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00C368B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00C368D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00C368F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00BF8874,00000000,00000000,00000000,000000FF,00000000), ref: 00C36901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00C3691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00BF8874,00000000,00000000,00000000,000000FF,00000000), ref: 00C3692D
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C5C182
• GetLastError.KERNEL32 ref: 00C5C195
• SetEvent.KERNEL32(?), ref: 00C5C1A9
  • Part of subcall function 00C5C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C5C272
  • Part of subcall function 00C5C253: GetLastError.KERNEL32 ref: 00C5C322
  • Part of subcall function 00C5C253: SetEvent.KERNEL32(?), ref: 00C5C336
  • Part of subcall function 00C5C253: InternetCloseHandle.WININET(00000000), ref: 00C5C341
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C43A57
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43A3D: GetCurrentThreadId.KERNEL32 ref: 00C43A5E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C425B3), ref: 00C43A65
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C425BD
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00C425DB
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00C425DF
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C425E9
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00C42601
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00C42605
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 00C4260F
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00C42623
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00C42627
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 26358d320fc22cbe3b0054a5cb4902b19f19186bdb4e35bf65dbdd97870a0148
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d7982d046d3b420e65f0bce4fe848433aa83c2140cad11630cb80a9058641d11
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 26358d320fc22cbe3b0054a5cb4902b19f19186bdb4e35bf65dbdd97870a0148
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8601D430390610BBFB2067699CCAF5D3F59EF8EB22F500019F318AE0D1C9E22484DA69
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00C41449,?,?,00000000), ref: 00C4180C
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00C41449,?,?,00000000), ref: 00C41813
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C41449,?,?,00000000), ref: 00C41828
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00C41449,?,?,00000000), ref: 00C41830
                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00C41449,?,?,00000000), ref: 00C41833
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C41449,?,?,00000000), ref: 00C41843
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00C41449,00000000,?,00C41449,?,?,00000000), ref: 00C4184B
                                                                                                                                                                                                                                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,00C41449,?,?,00000000), ref: 00C4184E
                                                                                                                                                                                                                                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,00C41874,00000000,00000000,00000000), ref: 00C41868
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dffed33b2f3bc96a54378d8693ec961f7a3b9447172d2b59fb0a83734d118f0f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e838d5e88bce3c82335bd9fd9e20e67c5a1d50eb75f461ee15c226c2bb06ed2e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dffed33b2f3bc96a54378d8693ec961f7a3b9447172d2b59fb0a83734d118f0f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC01BBB5640309BFE710ABB5DC8DF6F3BACEB89B11F414425FA09DB1A1CA709850CB20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00C4D501
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00C4D50F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C4D4DC: CloseHandle.KERNELBASE(00000000), ref: 00C4D5DC
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C6A16D
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00C6A180
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C6A1B3
                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 00C6A268
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00C6A273
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C6A2C4
                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 754b246347fbf203cf77a1be2f96edb05ec49b390b6e948c0285db26101fdb6a
• Instruction ID: 7f164f569af676504c732468704c34e480be52743caf91af1c682dce0ced78b3
• Opcode Fuzzy Hash: 754b246347fbf203cf77a1be2f96edb05ec49b390b6e948c0285db26101fdb6a
• Instruction Fuzzy Hash: 59618E702042429FD720DF19C4D4F1ABBE1AF54318F54849CE46A9B7A3C772ED89CB92
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00C73925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00C7393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00C73954
• _wcslen.LIBCMT ref: 00C73999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00C739C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00C739F4
Strings
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 0da12f98bf7239c223464f6db63b40a58b8cb662175e1985650ae732fbb9b539
• Instruction ID: 157c679d9866f67f5a50f5c980c063fd814d4d109bcda20d7e37639eede0104c
• Opcode Fuzzy Hash: 0da12f98bf7239c223464f6db63b40a58b8cb662175e1985650ae732fbb9b539
• Instruction Fuzzy Hash: D041A371A00259ABDF219F64CC89BEE7BA9FF08354F10452AF958E72C1D7719A80DB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C4BCFD
• IsMenu.USER32(00000000), ref: 00C4BD1D
• CreatePopupMenu.USER32 ref: 00C4BD53
• GetMenuItemCount.USER32(00FA5E08), ref: 00C4BDA4
• InsertMenuItemW.USER32(00FA5E08,?,00000001,00000030), ref: 00C4BDCC
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 5c6500747f7506e12e3e67c9170d24199ff977aaa0b8adc8b65b4cc8f603acaa
• Instruction ID: ba9c9f5724250da0b604b1acda2951d61fc1cd6dfc973474917457737ef58f0a
• Opcode Fuzzy Hash: 5c6500747f7506e12e3e67c9170d24199ff977aaa0b8adc8b65b4cc8f603acaa
• Instruction Fuzzy Hash: E151AD70E002059BDF20CFA9D8C4BAEBBF8BF55314F144199E42597298D770EE45CB61
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00C4C913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 344c8cf5aa194c6dea0864443e2379d94f9d2c13a2dab5aeab02ae4165d698a0
• Instruction ID: a589e6ef41d989b0c139364fcd1782d22c7976550a8f1dcbf160f00f636f6449
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 344c8cf5aa194c6dea0864443e2379d94f9d2c13a2dab5aeab02ae4165d698a0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C110D3278A307BAE7056B559CC3DAF779CEF25358B14003EF610E61E2EB745E406264
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bbb237918fe5bd0721ad83b8d9355b0c7cd91bc22d3029dc6670a69623845d9d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 214816a2e7bf7d750712ffd92164b5f9e99361cc310f7b309680fc3afd1ee61c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbb237918fe5bd0721ad83b8d9355b0c7cd91bc22d3029dc6670a69623845d9d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB11A271904116ABCB24BB60DC4AFEE77ACEB11711F0101ADF55AAA0D1EF718A81DA51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00C79FC7
                                                                                                                                                                                                                                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 00C79FE7
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00C7A224
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C7A242
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C7A263
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000003,00000000), ref: 00C7A282
                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00C7A2A7
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 00C7A2CA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1211466189-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9956531acaee281b9a8000922324b734af10a62bb8d311de3cad586c872d230b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 17d9931f5793017622e02b1e72cedb0deb878f9b2689db1f12eb5c75114f9733
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9956531acaee281b9a8000922324b734af10a62bb8d311de3cad586c872d230b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1B16831600215EFDF14CF69C9C57AE7BB2BF84711F09C069EC59AB296DB31AA80CB51
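The function blocks above (an "APIs" call list followed by a "Similarity" set of IDs and fuzzy hashes) are what you pivot on when comparing this sample with other reports. The following is an added example, not code from the Joe Sandbox report or from Joe Security: a small Python parser that turns each block in this plain-text rendering into a record, names the Windows constants behind the raw operands (SM_CYCAPTION, CB_SETEDITSEL, UDM_SETBUDDY, SW_HIDE, WM_SIZE are winuser.h / commctrl.h values, not something the report states), and collects the "API String ID" values for diffing against another report. It assumes every record opens with an "APIs" heading, as the excerpt shows, and that the suffix of "API String ID" is 0 when "String ID" is empty, which is an inference from the excerpt. The sample text is copied from the two blocks above and trimmed.

```python
"""Parse the per-function 'APIs' / 'Similarity' blocks of a Joe Sandbox report.

Added example, not code from the report: turns each block of the plain-text
rendering into a record that can be annotated and diffed across reports.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Copied from the report excerpt (Opcode/Instruction ID lines trimmed for brevity).
SAMPLE = """
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• GetSystemMetrics.USER32(0000000F), ref: 00C79FC7
• GetSystemMetrics.USER32(0000000F), ref: 00C79FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00C7A224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C7A242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C7A263
• ShowWindow.USER32(00000003,00000000), ref: 00C7A282
• InvalidateRect.USER32(?,00000000,00000001), ref: 00C7A2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 00C7A2CA
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
• Opcode Fuzzy Hash: 9956531acaee281b9a8000922324b734af10a62bb8d311de3cad586c872d230b
• Instruction Fuzzy Hash: F1B16831600215EFDF14CF69C9C57AE7BB2BF84711F09C069EC59AB296DB31AA80CB51
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode Fuzzy Hash: f97a35a5a6dbbd0129870baf287089de46608951de4350d6356bdaf267625cdd
• Instruction Fuzzy Hash: 0F41A365C1021875CB11EBF4CC8AACFB7ACBF45710F508462E918E3162FB34E655C3A5
"""

HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
SIMILARITY_KEYS = {"API ID", "String ID", "API String ID", "Opcode ID",
                   "Instruction ID", "Opcode Fuzzy Hash", "Instruction Fuzzy Hash"}
# One call line: [Part of subcall function ADDR: ]Api.MODULE(arg,arg,...), ref: ADDR
_API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
                     r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
_KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    api: str
    module: str
    args: tuple                        # int for hex operands, None for '?' (unresolved by the sandbox)
    ref: int                           # address of the call instruction
    subcall_of: Optional[int] = None   # set when the call sits in a callee of this function

@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)

def _arg(token: str):
    if token == "?":
        return None
    try:
        return int(token, 16)
    except ValueError:
        return token

def parse_report(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line in HEADINGS:
            section = line
            if line == "APIs":          # every function block opens with its API list
                records.append(FunctionRecord())
            continue
        if not records:                 # tail of a block truncated before its 'APIs' heading
            continue
        rec = records[-1]
        if section == "APIs" and (m := _API_RE.match(line)):
            rec.calls.append(ApiCall(api=m["api"], module=m["module"],
                                     args=tuple(_arg(a) for a in m["args"].split(",") if a),
                                     ref=int(m["ref"], 16),
                                     subcall_of=int(m["sub"], 16) if m["sub"] else None))
        elif section == "Similarity" and (m := _KV_RE.match(line)) and m["key"] in SIMILARITY_KEYS:
            rec.similarity[m["key"]] = m["val"].strip()
    return records

# winuser.h / commctrl.h names for the operands seen in this block (WM_USER = 0x0400).
ARG_NAMES = {("GetSystemMetrics", 0): {0x0F: "SM_CYCAPTION"},
             ("SendMessageW", 1): {0x0142: "CB_SETEDITSEL", 0x0400 + 105: "UDM_SETBUDDY"},
             ("ShowWindow", 1): {0: "SW_HIDE", 6: "SW_MINIMIZE"},
             ("DefDlgProcW", 1): {0x0005: "WM_SIZE"}}

def describe_call(call: ApiCall) -> str:
    """Render a call the way a reverser would annotate it, with known constants named."""
    args = list(call.args)
    for (api, pos), names in ARG_NAMES.items():
        if call.api == api and len(args) > pos and args[pos] in names:
            args[pos] = names[args[pos]]
    shown = ", ".join("?" if a is None else a if isinstance(a, str) else f"0x{a:X}" for a in args)
    prefix = f"[sub {call.subcall_of:X}] " if call.subcall_of is not None else ""
    return f"{prefix}{call.api}({shown}) @ {call.ref:X}"

def api_string_ids(records: List[FunctionRecord]) -> List[str]:
    """'API String ID' pairs the API-set hash with the string-set hash (suffix 0 when the
    function references no strings, per the excerpt); equal values in two reports mark the
    same API/string combination, so this list is what you diff between samples."""
    return [r.similarity.get("API String ID", "") for r in records]

if __name__ == "__main__":
    for i, rec in enumerate(parse_report(SAMPLE)):
        print(f"function {i}: API ID = {rec.similarity.get('API ID')}")
        for c in rec.calls:
            print("   ", describe_call(c))
```

Run against two reports and compare the `api_string_ids` lists: functions whose ID matches are the runtime's own code (here, AutoIt GUI plumbing such as the up-down/combo box sizing above), and the remainder is where the sample-specific logic lives. Operands shown as `?` are values the sandbox could not resolve statically; do not read them as zero.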
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f97a35a5a6dbbd0129870baf287089de46608951de4350d6356bdaf267625cdd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b430d6963700cdf1513ff397ba8bec465baa64fa5b4399d1097f3d07b2d9600
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f97a35a5a6dbbd0129870baf287089de46608951de4350d6356bdaf267625cdd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F41A365C1021875CB11EBF4CC8AACFB7ACBF45710F508462E918E3162FB34E655C3A5
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C3682C,00000004,00000000,00000000), ref: 00BFF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00C3682C,00000004,00000000,00000000), ref: 00C3F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00C3682C,00000004,00000000,00000000), ref: 00C3F454
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00C72D1B
• GetDC.USER32(00000000), ref: 00C72D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C72D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00C72D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00C72D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00C72D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00C75A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00C72DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00C72DE1
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a62195fe9bf5bfdd673528603c5c27ea2716034f47b0f6fce7d299fa85f72ab3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7b07778b25b3cddc933a4e98c503df41d5bb831bd94f60570912eb757b838332
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a62195fe9bf5bfdd673528603c5c27ea2716034f47b0f6fce7d299fa85f72ab3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8D1B375A0060AAFDF20CFA8C8C1BAEB7B5FF48344F248469E915AB291D771DE45CB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00C217FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00C215CE
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00C21651
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00C217FB,?,00C217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00C216E4
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00C217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00C216FB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(00000000,?,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6,?,00BE1129), ref: 00C13852
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00C217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00C21777
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00C217A2
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00C217AE
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: aeed0fc0813fdf94a981ba10df859c68f96d0f6da43a276d2f20755e326d6b29
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 061f6b1b2f2793d99fd6430409453bd2f52f2a6908d22983c4bbae1b142e0a48
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aeed0fc0813fdf94a981ba10df859c68f96d0f6da43a276d2f20755e326d6b29
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F291C471E002269EDB208E65E881AEE7BF5EFA9710F1C4669EC15E7581DB35CE40C7A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 86de051023821b97f592383e13a74cc4e294d6afacace4b3c730b36642d69af8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5ad051d6e261d4933d1ce96286c1f7f221273486afc9f488a168f2ab39030f68
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 86de051023821b97f592383e13a74cc4e294d6afacace4b3c730b36642d69af8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47915171A00219ABDF38CFA5CC84FAEBBB8EF46714F108559F515AB280D7709945CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00C5125C
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00C51284
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00C512A8
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00C512D8
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00C5135F
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00C513C4
                                                                                                                                                                                                                                                                                                                                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00C51430
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: db0a35c617deb55c6dcad9bc9338fdab44e485a47108a64506369c3b39c843ed
• Instruction ID: cef7b909ba1af69c05eb1ccc60f9232436e3cc395d271485418127484447fa14
• Opcode Fuzzy Hash: db0a35c617deb55c6dcad9bc9338fdab44e485a47108a64506369c3b39c843ed
• Instruction Fuzzy Hash: 1E910379A00219AFDB00DFA4C889BBE77F5FF44312F194029ED10E7291D774A989CB98
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 162f4ee97404c46a10d299c4534f062964497278accde5cc8169f08f91b178f6
• Instruction ID: a1010709aa86ae0f6e781c975edcdc1282e059e1cc907301f921b33b4e1f2c26
• Opcode Fuzzy Hash: 162f4ee97404c46a10d299c4534f062964497278accde5cc8169f08f91b178f6
• Instruction Fuzzy Hash: 33913871D00219EFCB14CFA9CC84AEEBBB8FF49320F148599E615B7251D375AA45CBA0
APIs
• VariantInit.OLEAUT32(?), ref: 00C6396B
• CharUpperBuffW.USER32(?,?), ref: 00C63A7A
• _wcslen.LIBCMT ref: 00C63A8A
• VariantClear.OLEAUT32(?), ref: 00C63C1F
  • Part of subcall function 00C50CDF: VariantInit.OLEAUT32(00000000), ref: 00C50D1F
  • Part of subcall function 00C50CDF: VariantCopy.OLEAUT32(?,?), ref: 00C50D28
  • Part of subcall function 00C50CDF: VariantClear.OLEAUT32(?), ref: 00C50D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: e0c78f0a3d950d4ce06aaca249d8357008331879cc94fd2adda26baf60f35032
• Instruction ID: 45a9718258631fa250be8d0c953b6979b83aa61994753061188c990ab5e331a2
• Opcode Fuzzy Hash: e0c78f0a3d950d4ce06aaca249d8357008331879cc94fd2adda26baf60f35032
• Instruction Fuzzy Hash: 269188746083859FC714EF64C48092AB7E4FF89314F14896DF89A9B352DB30EE49CB82
APIs
  • Part of subcall function 00C4000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?,?,00C4035E), ref: 00C4002B
  • Part of subcall function 00C4000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?), ref: 00C40046
  • Part of subcall function 00C4000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?), ref: 00C40054
  • Part of subcall function 00C4000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?), ref: 00C40064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00C64C51
• _wcslen.LIBCMT ref: 00C64D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00C64DCF
• CoTaskMemFree.OLE32(?), ref: 00C64DDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 1dbb265abfd9ba44857dab4bc61a3b3221b64a15d770abf8e17ebc5ef2fb476e
• Instruction ID: 83a2788f4fe2a36d9fee78da0fcf195ec470c6919b2d541545b8e7b227b82ba6
• Opcode Fuzzy Hash: 1dbb265abfd9ba44857dab4bc61a3b3221b64a15d770abf8e17ebc5ef2fb476e
• Instruction Fuzzy Hash: 7B910771D00219EFDF24DFA5C891AEEB7B9BF08310F108169E915A7291DB35AA45CF60
APIs
• GetMenu.USER32(?), ref: 00C72183
• GetMenuItemCount.USER32(00000000), ref: 00C721B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00C721DD
• _wcslen.LIBCMT ref: 00C72213
• GetMenuItemID.USER32(?,?), ref: 00C7224D
• GetSubMenu.USER32(?,?), ref: 00C7225B
  • Part of subcall function 00C43A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C43A57
  • Part of subcall function 00C43A3D: GetCurrentThreadId.KERNEL32 ref: 00C43A5E
  • Part of subcall function 00C43A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C425B3), ref: 00C43A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C722E3
  • Part of subcall function 00C4E97B: Sleep.KERNEL32 ref: 00C4E9F3
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
APIs
• IsWindow.USER32(00FA5D68), ref: 00C77F37
• IsWindowEnabled.USER32(00FA5D68), ref: 00C77F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00C7801E
• SendMessageW.USER32(00FA5D68,000000B0,?,?), ref: 00C78051
• IsDlgButtonChecked.USER32(?,?), ref: 00C78089
• GetWindowLongW.USER32(00FA5D68,000000EC), ref: 00C780AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00C780C3
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
APIs
• GetParent.USER32(?), ref: 00C4AEF9
• GetKeyboardState.USER32(?), ref: 00C4AF0E
• SetKeyboardState.USER32(?), ref: 00C4AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00C4AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00C4AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00C4AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00C4B020
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 10017f0de358cab243fe0150d3165e61ae77f30238847d6330089044e7ff4e78
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c3f69c07aef409e756ff4da7b068b82cf383ec8b51c3245f92d97cffadfe8390
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 10017f0de358cab243fe0150d3165e61ae77f30238847d6330089044e7ff4e78
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4151CFE0A447D53EFB3682748845BBBBEA96B06304F088489F1E9458C2C3D8EEC8D751
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(00000000), ref: 00C4AD19
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00C4AD2E
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00C4AD8F
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C4ADBB
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C4ADD8
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C4AE17
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C4AE38
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bd4cc9a34a996e30879fcbcaf0262af299054515e3c81a38c8226a68173f2e64
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7ff578e11320e948e3b971c0776f632f43454991f7875ffe013b6f4ed0facb4b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd4cc9a34a996e30879fcbcaf0262af299054515e3c81a38c8226a68173f2e64
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5151E7A19887D53DFB3783358C95B7A7EA87F46300F088488E1F5468C3D294EE94E752
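The APIs listed for the function above are worth decoding rather than reading as raw hex: it reads the calling thread's 256-byte key-state table (GetKeyboardState), writes it back (SetKeyboardState), and then posts message 0x0100 (WM_KEYDOWN) with wParam 0x10, 0x11, 0x12 and 0x5B, which are VK_SHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN. That is consistent with the "simulate keystroke presses" and "retrieve information about pressed keystrokes" signatures at the top of this report. The following Python parser is added here as an example and is not part of the Joe Sandbox report or of the analysed sample; it parses API lines in the shape this listing uses and annotates the PostMessageW constants. The line regex and the WM_/VK_ constant tables (standard Windows SDK values) are assumptions of the example, and arguments the sandbox printed as "?" are kept as None rather than guessed.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Windows SDK constants for the values that appear in the listing above (assumed tables).
WM_NAMES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP",
            0x0104: "WM_SYSKEYDOWN", 0x0105: "WM_SYSKEYUP"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0x5C: "VK_RWIN"}

# Shape of one API line as the report prints it (assumed from the listing):
#   "• Name.MODULE(arg,arg,...), ref: ADDR"   or   "• Name.MODULE ref: ADDR"
API_LINE = re.compile(
    r"^[•*-]?\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


class ApiCall(NamedTuple):
    name: str
    module: str
    args: Tuple[Optional[int], ...]  # None where the sandbox printed '?'
    ref: int                          # address of the call site


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one API line; returns None for headers and other non-API lines."""
    m = API_LINE.match(line.strip())
    if m is None:
        return None
    raw = m.group("args") or ""
    args: Tuple[Optional[int], ...] = ()
    if raw.strip():
        args = tuple(None if a.strip() == "?" else int(a.strip(), 16)
                     for a in raw.split(","))
    return ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16))


def decode_post_message(call: ApiCall) -> Optional[Tuple[str, str]]:
    """For PostMessageW(hWnd, Msg, wParam, lParam) return (message name, wParam name)."""
    if call.name != "PostMessageW" or len(call.args) < 3:
        return None
    msg, wparam = call.args[1], call.args[2]
    if msg is None or wparam is None:
        return None
    msg_name = WM_NAMES.get(msg, f"WM_0x{msg:04X}")
    if msg in WM_NAMES:  # keyboard messages carry a virtual-key code in wParam
        key_name = VK_NAMES.get(wparam, f"VK_0x{wparam:02X}")
    else:
        key_name = f"0x{wparam:X}"
    return msg_name, key_name


def summarize(listing: str) -> dict:
    """Parse a whole APIs block and pull out the facts an analyst cares about."""
    calls = [c for c in map(parse_api_line, listing.splitlines()) if c is not None]
    posted = [d for d in map(decode_post_message, calls) if d is not None]
    names = {c.name for c in calls}
    return {
        "calls": calls,
        "posted_keys": posted,
        # Get followed by Set means the routine rewrites the thread's key-state
        # table rather than only reading it.
        "rewrites_keyboard_state": {"GetKeyboardState", "SetKeyboardState"} <= names,
    }


# Constructed input: the APIs block of the function listing above, copied as printed.
LISTING = """\
APIs
• GetParent.USER32(00000000), ref: 00C4AD19
• GetKeyboardState.USER32(?), ref: 00C4AD2E
• SetKeyboardState.USER32(?), ref: 00C4AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C4ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C4ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C4AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C4AE38
"""

if __name__ == "__main__":
    s = summarize(LISTING)
    for c in s["calls"]:
        print(f"{c.ref:08X} {c.module}!{c.name}{c.args}")
    print("posted:", s["posted_keys"])
    print("rewrites keyboard state:", s["rewrites_keyboard_state"])
```

Running it on the block above yields four WM_KEYDOWN posts for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN and flags the Get/SetKeyboardState pair. The hWnd column shows 0 only because that is what the sandbox resolved at the call site; the example reports it without inferring the target window.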
APIs
• GetConsoleCP.KERNEL32(00C23CD6,?,?,?,?,?,?,?,?,00C15BA3,?,?,00C23CD6,?,?), ref: 00C15470
• __fassign.LIBCMT ref: 00C154EB
• __fassign.LIBCMT ref: 00C15506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00C23CD6,00000005,00000000,00000000), ref: 00C1552C
• WriteFile.KERNEL32(?,00C23CD6,00000000,00C15BA3,00000000,?,?,?,?,?,?,?,?,?,00C15BA3,?), ref: 00C1554B
• WriteFile.KERNEL32(?,?,00000001,00C15BA3,00000000,?,?,?,?,?,?,?,?,?,00C15BA3,?), ref: 00C15584
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: e0d381abc6d4173b82b0ce1ca0f79ef8320ad40c77d8990d2aedb0ce05084616
• Instruction ID: f54decf40252b52f5c464b9ccc973bfa407a7b0da7e0e3ae4140fb7ff5a9d522
• Opcode Fuzzy Hash: e0d381abc6d4173b82b0ce1ca0f79ef8320ad40c77d8990d2aedb0ce05084616
• Instruction Fuzzy Hash: DB51A471A00649DFDB10CFA8D885BEEBBFAEF4A300F14415AF555E7291D7309A81DB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00C02D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00C02D53
• _ValidateLocalCookies.LIBCMT ref: 00C02DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00C02E0C
• _ValidateLocalCookies.LIBCMT ref: 00C02E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 24f7655872b9f49bb3b5947c9181dfdd1d2b860c3693eba11d8da7360bbe0b6e
• Instruction ID: bc7d9cff9c28e0bf9e0dac848f68b31e3e4cd1948a55dac8bc877b83254ed131
• Opcode Fuzzy Hash: 24f7655872b9f49bb3b5947c9181dfdd1d2b860c3693eba11d8da7360bbe0b6e
• Instruction Fuzzy Hash: A641A334A00319ABCF10DF68C889A9EBBB5BF45325F1481A5E8256B3D2D731AE05CBD0
APIs
    • Part of subcall function 00C6304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C6307A
    • Part of subcall function 00C6304E: _wcslen.LIBCMT ref: 00C6309B
  • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C61112
  • WSAGetLastError.WSOCK32 ref: 00C61121
  • WSAGetLastError.WSOCK32 ref: 00C611C9
  • closesocket.WSOCK32(00000000), ref: 00C611F9
Memory Dump Source
  • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
  • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
  • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
  • String ID:
  • API String ID: 2675159561-0
  • Opcode ID: 3576ba0ee4e678d310faff29dc3c6235daf57f6b9748e8d731c85f5c9c4ba97b
  • Instruction ID: 93a6df3419fba1d67a85c31875ddc9727f5e617f2a8aef8be4803eebd3205d8d
  • Opcode Fuzzy Hash: 3576ba0ee4e678d310faff29dc3c6235daf57f6b9748e8d731c85f5c9c4ba97b
  • Instruction Fuzzy Hash: 5D41D731600205AFDB209F15C8C5BADBBE9EF45315F1C8059FD199B292C774AE85CBE1
APIs
    • Part of subcall function 00C4DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C4CF22,?), ref: 00C4DDFD
    • Part of subcall function 00C4DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C4CF22,?), ref: 00C4DE16
  • lstrcmpiW.KERNEL32(?,?), ref: 00C4CF45
  • MoveFileW.KERNEL32(?,?), ref: 00C4CF7F
  • _wcslen.LIBCMT ref: 00C4D005
  • _wcslen.LIBCMT ref: 00C4D01B
  • SHFileOperationW.SHELL32(?), ref: 00C4D061
Strings
Memory Dump Source
  • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
  • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
  • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
  • String ID: \*.*
  • API String ID: 3164238972-1173974218
  • Opcode ID: c775cb2d6b0156d788535258edec9a99206a5e5ba16c9dcc3b243069482f6e18
  • Instruction ID: 66b7134950abe148c5b9472ed92b4cec34f51645feb2125782367e9ed58a8aee
  • Opcode Fuzzy Hash: c775cb2d6b0156d788535258edec9a99206a5e5ba16c9dcc3b243069482f6e18
  • Instruction Fuzzy Hash: 7C4155719462199FDF12EBA4D9C1ADEB7B8BF08380F1000E6E505EB152EB35A788DB50
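The API listings in these function records are the most useful part for triage, but they are dense: each call is printed as `api.MODULE(stack slots), ref: address`, the slots are raw hex with `?` for values the static pass could not recover, and the number of printed slots is fixed rather than matching the function's prototype (for example `socket` is shown with six slots although it takes three). The following script is an added example, not part of the Joe Sandbox report or its tooling: it parses lines in this format, keeps only the slots that belong to the real prototype (the arity table and the reading of the surplus slots as stack residue are my assumptions), decodes the Winsock and button-message constants that appear on this page (`socket(2,1,6)` is `AF_INET/SOCK_STREAM/IPPROTO_TCP`; window messages `0xF0`/`0xF1` are `BM_GETCHECK`/`BM_SETCHECK`, with `wParam=1` meaning `BST_CHECKED`), and tags each call by behaviour class. The sample input is constructed from call lines copied off this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: API-call lines copied from the function records on this page.
SAMPLE_RECORD = """\
• Part of subcall function 00C6304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C6307A
• Part of subcall function 00C6304E: _wcslen.LIBCMT ref: 00C6309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C61112
• WSAGetLastError.WSOCK32 ref: 00C61121
• closesocket.WSOCK32(00000000), ref: 00C611F9
• lstrcmpiW.KERNEL32(?,?), ref: 00C4CF45
• MoveFileW.KERNEL32(?,?), ref: 00C4CF7F
• SHFileOperationW.SHELL32(?), ref: 00C4D061
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00C72E1C
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00C72EE0
"""

# One report line: optional "Part of subcall function X:", then api.MODULE, optional
# parenthesised stack slots, then "ref: <address>".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumption: the report prints a fixed number of stack slots; only the first
# <arity> are real arguments, the rest are whatever sat on the stack above them.
ARITY = {"socket": 3, "closesocket": 1, "inet_addr": 1, "WSAGetLastError": 0,
         "SendMessageW": 4, "GetWindowLongW": 2, "SetWindowLongW": 3,
         "MoveFileW": 2, "lstrcmpiW": 2, "SHFileOperationW": 1}

# Winsock / Win32 constants (documented values).
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "default", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
BM_MSG = {0xF0: "BM_GETCHECK", 0xF1: "BM_SETCHECK", 0xF2: "BM_GETSTATE",
          0xF3: "BM_SETSTATE", 0xF4: "BM_SETSTYLE", 0xF5: "BM_CLICK"}
BST = {0: "BST_UNCHECKED", 1: "BST_CHECKED", 2: "BST_INDETERMINATE"}


@dataclass
class Call:
    api: str
    module: str
    args: list                  # int per real argument, None where the report shows '?'
    ref: int                    # address of the call instruction
    subcall_of: Optional[int]   # address of the callee that contains this call, if nested
    note: str = ""
    tag: str = ""


def parse_args(raw: Optional[str], api: str) -> list:
    """Turn '00000002,00000001,?' into [2, 1, None], trimmed to the prototype's arity."""
    if raw is None:
        return []
    slots = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",") if a.strip()]
    return slots[: ARITY.get(api, len(slots))]


def decode(call: Call) -> Call:
    """Attach a behaviour tag and, where the constants are known, a readable note."""
    a = call.args
    if call.module == "WSOCK32":
        call.tag = "network"
        if call.api == "socket" and len(a) == 3 and None not in a:
            call.note = "/".join((AF.get(a[0], hex(a[0])), SOCK_TYPE.get(a[1], hex(a[1])),
                                  PROTO.get(a[2], hex(a[2]))))
    elif call.api in ("MoveFileW", "SHFileOperationW"):
        call.tag = "filesystem"
    elif call.api == "SendMessageW" and len(a) >= 2 and a[1] is not None:
        call.tag = "gui"
        name = BM_MSG.get(a[1], f"msg {a[1]:#x}")
        if name == "BM_SETCHECK" and len(a) > 2 and a[2] is not None:
            name += f" wParam={BST.get(a[2], hex(a[2]))}"
        call.note = name
    return call


def triage(text: str) -> list:
    """Parse every API line in a record; lines that are not calls are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        api = m["api"]
        calls.append(decode(Call(api, m["mod"], parse_args(m["args"], api),
                                 int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None)))
    return calls


def summarize(calls: list) -> dict:
    """Collapse a record into the facts an analyst scans for first."""
    return {"calls": len(calls),
            "tags": sorted({c.tag for c in calls if c.tag}),
            "notes": [(c.api, c.note) for c in calls if c.note]}


if __name__ == "__main__":
    for c in triage(SAMPLE_RECORD):
        print(f"{c.ref:08X} {c.api:<18} {c.tag:<10} {c.note}")
    print(summarize(triage(SAMPLE_RECORD)))
```

Run against the sample, the socket record reduces to "TCP client socket created, error checked, socket closed", and the button-message record to "read a checkbox state, then set it to checked", which is what you would expect from the AutoIt runtime's GUI helpers rather than from the payload itself; the file record (`MoveFileW` followed by `SHFileOperationW`, with the string `\*.*` in the same function) is the one worth a closer look, since it is the shape of a directory move/delete routine.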
APIs
  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00C72E1C
  • GetWindowLongW.USER32(?,000000F0), ref: 00C72E4F
  • GetWindowLongW.USER32(?,000000F0), ref: 00C72E84
  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00C72EB6
  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00C72EE0
  • GetWindowLongW.USER32(?,000000F0), ref: 00C72EF1
  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C72F0B
Memory Dump Source
  • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
  • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
  • API ID: LongWindow$MessageSend
  • String ID:
  • API String ID: 2178440468-0
  • Opcode ID: 573113001354d3866781c22744954eca2cd343841b4a07f80e8ce28908ca1990
  • Instruction ID: 25bde10be606183f9581c407ced8561dbf80a6fe6757d472d1236315ad5b3741
  • Opcode Fuzzy Hash: 573113001354d3866781c22744954eca2cd343841b4a07f80e8ce28908ca1990
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 123115306041519FDB20CF58DCD4F6937E0FB4A721F194168F9588B2B1CB71AD80DB41
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C47769
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C4778F
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00C47792
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00C477B0
                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00C477B9
                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00C477DE
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00C477EC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b9ce0d595889f83a3357f1c3a8da3fe134599a58197048b80de0a234d2e9106e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1b2aa8c69ee404f6d825bae57c360d1119e760ca8c0e60d4c0140128b87af6df
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9ce0d595889f83a3357f1c3a8da3fe134599a58197048b80de0a234d2e9106e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E219F7660421AAFDB11DFA8CC88EBA77ACFB093647408129FA15DB150D7709D8587A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C47842
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C47868
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00C4786B
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32 ref: 00C4788C
                                                                                                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 00C47895
                                                                                                                                                                                                                                                                                                                                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 00C478AF
                                                                                                                                                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00C478BD
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 43c39511836b235f541f2164dff655ad2077ae47ba52ce63ef652d671cbd83d0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: abc89fb39786f94af4cdcb2640a78e936ef29df25c34d5d81770222c1f3c9ba2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43c39511836b235f541f2164dff655ad2077ae47ba52ce63ef652d671cbd83d0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19216031608205AFDB109FA9DC88EBA77ECFB097607108225F925EB2A1D774DD81CB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00C504F2
                                                                                                                                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C5052E
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 4144cc9b12531bfbf749447ec9ca6bfca1e42df0eb464cec21669f7bea7aba1c
• Instruction ID: 4568b6b0be16f2b182d5ee84036c9b8ceea5ab61d9b1f4ee5878b289ee066993
• Opcode Fuzzy Hash: 4144cc9b12531bfbf749447ec9ca6bfca1e42df0eb464cec21669f7bea7aba1c
• Instruction Fuzzy Hash: 272182795003069BDB208F29DC45B9A77A4AF44726F704A19FCB1E61E1E7709A88CF28
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00C505C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C50601
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: d72de521ee7b185e356167bc389d44c13dc6bd71f1b09989e0c6c9684fe664a9
• Instruction ID: 605bc4d5b7b360e3b41b5d547515f76674cd401a49f002dc3ea3ab187a07f16f
• Opcode Fuzzy Hash: d72de521ee7b185e356167bc389d44c13dc6bd71f1b09989e0c6c9684fe664a9
• Instruction Fuzzy Hash: 29217479500306DBDB209F69CC45B9A77A4AF95722F340A19FCB1E72E0DB709AD4CB18
APIs
  • Part of subcall function 00BE600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BE604C
  • Part of subcall function 00BE600E: GetStockObject.GDI32(00000011), ref: 00BE6060
  • Part of subcall function 00BE600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00BE606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00C74112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00C7411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00C7412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00C74139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00C74145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: c2ecd8b109e9ea077c9bd4b197174bf92a8fa3a196c2cd9ad9cdc3b7beaf7ff8
• Instruction ID: 79d6168bd2a8720420d860e381cdb04670292b4a03a7c03b9ad1cd7b433d23be
• Opcode Fuzzy Hash: c2ecd8b109e9ea077c9bd4b197174bf92a8fa3a196c2cd9ad9cdc3b7beaf7ff8
• Instruction Fuzzy Hash: 841193B11401197EEF119E64CC85EEB7F9DEF09798F018110FA18A2050C7729C61DBA4
APIs
  • Part of subcall function 00C1D7A3: _free.LIBCMT ref: 00C1D7CC
• _free.LIBCMT ref: 00C1D82D
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C1D838
• _free.LIBCMT ref: 00C1D843
• _free.LIBCMT ref: 00C1D897
• _free.LIBCMT ref: 00C1D8A2
• _free.LIBCMT ref: 00C1D8AD
• _free.LIBCMT ref: 00C1D8B8
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 178da6200d382d21eeed54ce38044698900e30f7fe9f54f10ee2c294a86c770c
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 7E115171540B04AAD521BFB0CC47FCB7BDC6F02710F440825B29AEA1D2DAA5B5A57690
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00C4DA74
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00C4DA7B
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00C4DA91
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000), ref: 00C4DA98
                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C4DADC
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                • %s (%d) : ==> %s: %s %s, xrefs: 00C4DAB9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1cde9b6886185bf4cd04b22d706dbd15df59a0507704c6cfa79c011e679aedba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: af9885df731805f4ba2e43436b1db8169117b553901dcd24c18683112bb3a360
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cde9b6886185bf4cd04b22d706dbd15df59a0507704c6cfa79c011e679aedba
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E10162F25002097FE711ABA09DC9FEB366CE708705F4044A9B71AE2041EA749EC44F74
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00F9E7E0,00F9E7E0), ref: 00C5097B
                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00F9E7C0,00000000), ref: 00C5098D
                                                                                                                                                                                                                                                                                                                                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 00C5099B
                                                                                                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00C509A9
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00C509B8
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(00F9E7E0,000001F6), ref: 00C509C8
                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00F9E7C0), ref: 00C509CF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 47f6d0f275388115711cd2b2bfe75b2d68fbbf0db67dab7a0ff1625f6e124a47
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 84a19d1258a9a68916deae3b0ca7a18b9379686b73cb6d6e4e72f7dd6169c455
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47f6d0f275388115711cd2b2bfe75b2d68fbbf0db67dab7a0ff1625f6e124a47
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9F01D32442503ABD7415BA4EEC8BDABB25BF01702F501029F205A08A6C77495B5CF94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00C61DC0
                                                                                                                                                                                                                                                                                                                                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C61DE1
                                                                                                                                                                                                                                                                                                                                                                                • WSAGetLastError.WSOCK32 ref: 00C61DF2
                                                                                                                                                                                                                                                                                                                                                                                • htons.WSOCK32(?,?,?,?,?), ref: 00C61EDB
                                                                                                                                                                                                                                                                                                                                                                                • inet_ntoa.WSOCK32(?), ref: 00C61E8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C439E8: _strlen.LIBCMT ref: 00C439F2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C63224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00C5EC0C), ref: 00C63240
                                                                                                                                                                                                                                                                                                                                                                                • _strlen.LIBCMT ref: 00C61F35
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
• Opcode ID: cf683436b16de1e266307777e1539455751e3aaff602d9d8bf902fc0db1c75f4
• Instruction ID: c938754c14b1b41672d7108571b3b7935f6484d58ce53aa17aa2e118bcab0566
• Opcode Fuzzy Hash: cf683436b16de1e266307777e1539455751e3aaff602d9d8bf902fc0db1c75f4
• Instruction Fuzzy Hash: B8B1D230604340AFC324DF65C8D5E2A77E5AF84318F58859CF9665B2E2CB71EE45CB92
APIs
• GetClientRect.USER32(?,?), ref: 00BE5D30
• GetWindowRect.USER32(?,?), ref: 00BE5D71
• ScreenToClient.USER32(?,?), ref: 00BE5D99
• GetClientRect.USER32(?,?), ref: 00BE5ED7
• GetWindowRect.USER32(?,?), ref: 00BE5EF8
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: 4356ca17a0fcf1f0e6032a6434d211e026732580228c0bf360fbd672def3f5c1
• Instruction ID: b2835d64f87b0ec5c523818c8935007cbca27dff1aa79e34462f25212f688262
• Opcode Fuzzy Hash: 4356ca17a0fcf1f0e6032a6434d211e026732580228c0bf360fbd672def3f5c1
• Instruction Fuzzy Hash: 5CB18B38A1078ADBDB24DFA9C4807EEB7F1FF48314F14841AE8A9D7650DB34AA51DB50
APIs
• __allrem.LIBCMT ref: 00C100BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C100D6
• __allrem.LIBCMT ref: 00C100ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C1010B
• __allrem.LIBCMT ref: 00C10122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C10140
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 134dc4c25ccfdb2cd12188a09c656f3b194d81d5680a4d2a607a74df2c6923da
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: A9810772600706ABE7249F69CC41BAB73E8AF46324F34413EF561D66C1E7B4DAC1AB50
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00C082D9,00C082D9,?,?,?,00C1644F,00000001,00000001,8BE85006), ref: 00C16258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00C1644F,00000001,00000001,8BE85006,?,?,?), ref: 00C162DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C163D8
• __freea.LIBCMT ref: 00C163E5
  • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(00000000,?,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6,?,00BE1129), ref: 00C13852
• __freea.LIBCMT ref: 00C163EE
• __freea.LIBCMT ref: 00C16413
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 69244297c2352e590324abc5ab45f2b09a877e8fef73af97f1333e0692d0a701
• Instruction ID: 3823f460bed1386a8d208170e29d113e4aa0c45c491e60c26dd32ba426393208
• Opcode Fuzzy Hash: 69244297c2352e590324abc5ab45f2b09a877e8fef73af97f1333e0692d0a701
• Instruction Fuzzy Hash: 7F51E172600216ABEB258F64CC81EEF7BAAEB46710F554229FD25D6150EB34DDC0F660
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C6BD25
• RegCloseKey.ADVAPI32(00000000), ref: 00C6BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C6BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C6BDF3
• RegCloseKey.ADVAPI32(?), ref: 00C6BDFF
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: 33d8549f17f0b0143e78f1c6bc73bee4c7ec2bda3dd6698a64dca446b4957181
• Instruction ID: 0c9df1e62134bdc29fd8e348d526f8b0b562210d845a0034ba41088bee27dc99
• Opcode Fuzzy Hash: 33d8549f17f0b0143e78f1c6bc73bee4c7ec2bda3dd6698a64dca446b4957181
• Instruction Fuzzy Hash: F1818170108241AFD724DF24C8D5E2ABBE5FF84348F14859CF5598B2A2DB31EE85CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 00C3F7B9
• SysAllocString.OLEAUT32(00000001), ref: 00C3F860
• VariantCopy.OLEAUT32(00C3FA64,00000000), ref: 00C3F889
• VariantClear.OLEAUT32(00C3FA64), ref: 00C3F8AD
• VariantCopy.OLEAUT32(00C3FA64,00000000), ref: 00C3F8B1
• VariantClear.OLEAUT32(?), ref: 00C3F8BB
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 416ed960e8ce29084b2a048e5566427e048c998c4acedc5b388706b94146ee72
• Instruction ID: dde235dc793082029040005d8fc1c5dd10cc95a3ebe010b772b3428290aec952
• Opcode Fuzzy Hash: 416ed960e8ce29084b2a048e5566427e048c998c4acedc5b388706b94146ee72
• Instruction Fuzzy Hash: F6510635E20311BACF24AB66D895B3DB3E4EF45310F24986EE906DF291DB708C41CB96
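The Similarity "API ID" on each function entry is a compact signature of that function's API list, and it is worth being able to recompute it when matching your own disassembly (for instance an AutoIt runtime routine) against sandbox entries. Reading the entries on this page, the rule is: take every API name in the APIs list, subcall references included; split it into CamelCase words; drop a few noise words (Reg, Key, Ex, Get, Sys and the W suffix); count how often each word occurs; then emit the count buckets most-frequent first, joined by `$`, with the words inside a bucket concatenated in plain sorted order. That derivation is inferred from the entries shown here, not taken from Joe Sandbox documentation, and the Python below is an added example written for this page, not the report's or Joe Sandbox's own code. The stop-word list is an assumption that covers only the entries on this page; the three sample API lists are copied from the registry-enumeration, Variant-copy and file-dialog entries in this report.

```python
import re
from collections import Counter

# Noise words inferred from the API IDs on this report page. Assumption: the real
# list used by the sandbox is longer; this one is just enough for the entries shown.
STOP_TOKENS = {"Reg", "Key", "Ex", "W", "A", "Sys", "Get", "To"}

# One report line looks like "• RegOpenKeyExW.ADVAPI32(?,?,...), ref: 00C6BD25" or
# "• Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD".
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"([A-Za-z_][A-Za-z0-9_]*)\.([A-Za-z0-9_]+)"
)

# Sample input copied from this report's function entries.
SAMPLE_BLOCKS = {
    "remote_registry_enum": """
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C6BD25
• RegCloseKey.ADVAPI32(00000000), ref: 00C6BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C6BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C6BDF3
• RegCloseKey.ADVAPI32(?), ref: 00C6BDFF
""",
    "variant_copy": """
• VariantInit.OLEAUT32(00000035), ref: 00C3F7B9
• SysAllocString.OLEAUT32(00000001), ref: 00C3F860
• VariantCopy.OLEAUT32(00C3FA64,00000000), ref: 00C3F889
• VariantClear.OLEAUT32(00C3FA64), ref: 00C3F8AD
• VariantCopy.OLEAUT32(00C3FA64,00000000), ref: 00C3F8B1
• VariantClear.OLEAUT32(?), ref: 00C3F8BB
""",
    "file_dialogs": """
  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00C594E5
• _wcslen.LIBCMT ref: 00C59506
• _wcslen.LIBCMT ref: 00C5952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00C59585
""",
}


def parse_api_calls(block: str) -> list:
    """Return every API name referenced in an 'APIs' block, one per bullet line,
    keeping duplicates because the ID is frequency-based."""
    names = []
    for line in block.splitlines():
        m = API_LINE.search(line)
        if m:
            names.append(m.group(1))
    return names


def tokenize(api_name: str) -> list:
    """Split a Win32-style CamelCase name into words. CRT names such as _wcslen
    or __freea start with an underscore and are kept as a single token."""
    if api_name.startswith("_"):
        return [api_name]
    return re.findall(r"[A-Z][a-z0-9]*", api_name)


def api_id(api_names: list) -> str:
    """Build the Similarity API ID: buckets of words by occurrence count, most
    frequent first, '$' between buckets, words inside a bucket in sorted order."""
    counts = Counter(
        tok for name in api_names for tok in tokenize(name) if tok not in STOP_TOKENS
    )
    buckets = {}
    for tok, n in counts.items():
        buckets.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(buckets[n])) for n in sorted(buckets, reverse=True))


def function_ids() -> dict:
    """API ID for each sample block; matches the 'API ID' lines in this report."""
    return {name: api_id(parse_api_calls(block)) for name, block in SAMPLE_BLOCKS.items()}


if __name__ == "__main__":
    for name, ident in function_ids().items():
        print(f"{name}: {ident}")
```

Because the ID is built from word frequencies rather than call order, two functions that call the same APIs in a different sequence get the same API ID, which is exactly what makes it useful for grouping runtime routines across samples but useless for distinguishing them; use the Opcode or Instruction fuzzy hashes for that. Any API whose name contains a noise word not in the assumed stop list will produce an ID that differs from the sandbox's.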
APIs
  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00C594E5
• _wcslen.LIBCMT ref: 00C59506
• _wcslen.LIBCMT ref: 00C5952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00C59585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 462f7a74ad8100e016078856f22ef52211cb445c6c94b726edb05d95df5a2902
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 237977c561339183a066dbed782832a92fcaae1b232aad738b339242d4ccfcc3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 462f7a74ad8100e016078856f22ef52211cb445c6c94b726edb05d95df5a2902
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8AE1C275508340CFC724DF25C881A6AB7E4FF85314F1489ADF8999B2A2EB30DD49CB96
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
                                                                                                                                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,?), ref: 00BF9241
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00BF92A5
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00BF92C2
                                                                                                                                                                                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00BF92D3
                                                                                                                                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00BF9321
                                                                                                                                                                                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00C371EA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9339: BeginPath.GDI32(00000000), ref: 00BF9357
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 964c795f4fe907f77709bd84090652abbcbb9279ff3fe116ecb5cac2a057d9d6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bc688c1f6fc11ab3b1e177eb5e3d2ea0dfa5368353d3ef90a5035ec024e7198f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 964c795f4fe907f77709bd84090652abbcbb9279ff3fe116ecb5cac2a057d9d6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5241AC71504205AFD721DF24DCD4FBE7BE8EB55720F1402A9FAA8872A2C7319889DB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 00C5080C
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00C50847
                                                                                                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 00C50863
                                                                                                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 00C508DC
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00C508F3
                                                                                                                                                                                                                                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 00C50921
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c8fbfeb6bebcd5a918c8a0a1aa4fc7bde108b4a3bb4d594e532afdf930a36ee6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8ce03ddb1d371a7182de7fc834ae5846ea540b4b7b7239153cfdeecb416e969c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c8fbfeb6bebcd5a918c8a0a1aa4fc7bde108b4a3bb4d594e532afdf930a36ee6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51414975900206ABDF149F54DC85B6A77B8FF04310F1440A9EE04EB297D730DEA9DBA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00C3F3AB,00000000,?,?,00000000,?,00C3682C,00000004,00000000,00000000), ref: 00C7824C
                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000000), ref: 00C78272
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00C782D1
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 00C782E5
                                                                                                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,00000001), ref: 00C7830B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00C7832F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: e95b1b2eab4977da88f027021f9121d069665f4423a0ba81adeb0f9b1a6c34df
• Instruction ID: 85ee148449c30f36dccefa77e859c3852345b6218ee109dd616bd06b02ba4dea
• Opcode Fuzzy Hash: e95b1b2eab4977da88f027021f9121d069665f4423a0ba81adeb0f9b1a6c34df
• Instruction Fuzzy Hash: D2418334A41644AFDF15CF25D8DDBA87BE0BB0A715F188269EB1C4B273CB31A949CB50
APIs
• IsWindowVisible.USER32(?), ref: 00C44C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00C44CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00C44CEA
• _wcslen.LIBCMT ref: 00C44D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00C44D10
• _wcsstr.LIBVCRUNTIME ref: 00C44D1A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: eaef34558c5b0c56f42c6fb69aabdf57a7de51265b6007c544e63410e3c34036
• Instruction ID: d511f735c6e1572d5ba1b5a95023171fc2746d9d3737c464dfef2c45eb3ac0eb
• Opcode Fuzzy Hash: eaef34558c5b0c56f42c6fb69aabdf57a7de51265b6007c544e63410e3c34036
• Instruction Fuzzy Hash: D4212931604205BBEB195B39EC89F7F7BECEF45750F20407DF909CA191DA61CD4092A0
APIs
  • Part of subcall function 00BE3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00BE3A97,?,?,00BE2E7F,?,?,?,00000000), ref: 00BE3AC2
• _wcslen.LIBCMT ref: 00C5587B
• CoInitialize.OLE32(00000000), ref: 00C55995
• CoCreateInstance.OLE32(00C7FCF8,00000000,00000001,00C7FB68,?), ref: 00C559AE
• CoUninitialize.OLE32 ref: 00C559CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 3b4789d357dc918a6862672cd706a4b478bd0135b63b66a3e0e4b778e3478ddc
• Instruction ID: a06fea0f250218b065aec4fa70ee75ef8059598cf096b01a4b8bd7426ddd338c
• Opcode Fuzzy Hash: 3b4789d357dc918a6862672cd706a4b478bd0135b63b66a3e0e4b778e3478ddc
• Instruction Fuzzy Hash: 03D187786047019FC714DF15C4A4A2ABBE1FF89711F14889DF8999B361CB31ED8ACB92
APIs
  • Part of subcall function 00C40FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C40FCA
  • Part of subcall function 00C40FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C40FD6
  • Part of subcall function 00C40FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C40FE5
  • Part of subcall function 00C40FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C40FEC
  • Part of subcall function 00C40FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C41002
• GetLengthSid.ADVAPI32(?,00000000,00C41335), ref: 00C417AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 00C417BA
• HeapAlloc.KERNEL32(00000000), ref: 00C417C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 00C417DA
• GetProcessHeap.KERNEL32(00000000,00000000,00C41335), ref: 00C417EE
• HeapFree.KERNEL32(00000000), ref: 00C417F5
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 52d9f6bc093901b218852cf228b2bd84cd2f941d1b9afc37e44eabc01f60c330
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a793b3dab49cdfa896a3ea4ae09eba1dc7af893bb02f05dbc6fdd9dbdd452b59
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52d9f6bc093901b218852cf228b2bd84cd2f941d1b9afc37e44eabc01f60c330
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10118E31510206FFDB109FA4CC89BAE7BB9FB45355F184028F89597210D735AA84CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00C414FF
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00C41506
                                                                                                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00C41515
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00C41520
                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C4154F
                                                                                                                                                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00C41563
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 48b958f2754f6b72738a3306f9533b4f770331689edc36bcf4961c2bcb44e24c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a858580284acec49ec7ca0ffb95990b9943cf5c37ea2a023d90a7a000ea096fb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48b958f2754f6b72738a3306f9533b4f770331689edc36bcf4961c2bcb44e24c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D11297250120AABDF118F98DD89BDE7BA9FF48754F088019FE59A2060C3758EA0DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00C03379,00C02FE5), ref: 00C03390
                                                                                                                                                                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C0339E
                                                                                                                                                                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C033B7
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00C03379,00C02FE5), ref: 00C03409
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d0f6b347860ced92fb2b5b87997c2d953af729923be986a68944aae9e5f60cac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6df72f847f175e9e7701a1fb300440fb97f0e84881afcb7246acab65001fd5c7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0f6b347860ced92fb2b5b87997c2d953af729923be986a68944aae9e5f60cac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F201D432609351BEE72527B57CC576F2A9CEB063797200229F620861F0FF224F52E644
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00C15686,00C23CD6,?,00000000,?,00C15B6A,?,?,?,?,?,00C0E6D1,?,00CA8A48), ref: 00C12D78
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00C12DAB
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00C12DD3
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00C0E6D1,?,00CA8A48,00000010,00BE4F4A,?,?,00000000,00C23CD6), ref: 00C12DE0
                                                                                                                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00C0E6D1,?,00CA8A48,00000010,00BE4F4A,?,?,00000000,00C23CD6), ref: 00C12DEC
                                                                                                                                                                                                                                                                                                                                                                                • _abort.LIBCMT ref: 00C12DF2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: b90f1a681da807393999e08facf25b0665b62d084641f8f21b7acc5632035dea
• Instruction ID: ad2f9217319911cd5f87d670e62b3eaf9efb8ea45ed966f47b9404161e62e441
• Opcode Fuzzy Hash: b90f1a681da807393999e08facf25b0665b62d084641f8f21b7acc5632035dea
• Instruction Fuzzy Hash: 7AF0A43A6446012BC6223739FC46BDE2559ABC37B5F24041CF838921E2EE2489F2B260
APIs
  • Part of subcall function 00BF9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF9693
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96A2
  • Part of subcall function 00BF9639: BeginPath.GDI32(?), ref: 00BF96B9
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00C78A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00C78A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00C78A70
• LineTo.GDI32(?,00000000,00000003), ref: 00C78A80
• EndPath.GDI32(?), ref: 00C78A90
• StrokePath.GDI32(?), ref: 00C78AA0
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 4cf77c9ca0bec4b93444a851baf9869c0c73f34d933489574462db6686b9b1e7
• Instruction ID: d60bd87bd57efdd43e47f06e56760178bea56ab2974943c32e5120cd2586a6e0
• Opcode Fuzzy Hash: 4cf77c9ca0bec4b93444a851baf9869c0c73f34d933489574462db6686b9b1e7
• Instruction Fuzzy Hash: CB11097604014DFFDB129F90DC88FAE7F6DEB08350F048026BA199A1A1C7719E95DBA0
APIs
• GetDC.USER32(00000000), ref: 00C45218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00C45229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C45230
• ReleaseDC.USER32(00000000,00000000), ref: 00C45238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00C4524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00C45261
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 46f0057f6b4991e9d52f40ab7e5e919d78f4651e22d50f771be2068236f3070b
• Instruction ID: cd07aff674400d9ffcc0755463d0269012cc0fb4d7466d6b99b9ca62e8d23604
• Opcode Fuzzy Hash: 46f0057f6b4991e9d52f40ab7e5e919d78f4651e22d50f771be2068236f3070b
• Instruction Fuzzy Hash: 71014475E00715BBEB105BA59C89B5EBFB8FF48751F044069FA08A7281D6709900CBA0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00BE1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00BE1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00BE1C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00BE1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00BE1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00BE1C22
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cc1f3da19b8a4e90eb150cf98719645ea90ba817793d2aee7eac7e4e64581743
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 31d6f62146134f670f90085d9b6f96de414e467a4df1269724f252b090a251dc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc1f3da19b8a4e90eb150cf98719645ea90ba817793d2aee7eac7e4e64581743
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84016CB090275A7DE3008F5A8C85B56FFA8FF19754F00411FA15C47941C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C4EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00C4EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 00C4EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C4EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C4EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C4EB75
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 8f7387dd84e493461c464218381a73223b035c56141d2c27150450cb0506f068
• Instruction ID: bd64c22c8d1ff6038b42f37f934ed59ecdce72ecc3089faee723ee72d0873d33
• Opcode Fuzzy Hash: 8f7387dd84e493461c464218381a73223b035c56141d2c27150450cb0506f068
• Instruction Fuzzy Hash: 0FF05E7264015ABBE7215B629C8EFEF3E7CEFCAB11F00016CF615E1091D7A05A41CAB5
APIs
• GetClientRect.USER32(?), ref: 00C37452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00C37469
• GetWindowDC.USER32(?), ref: 00C37475
• GetPixel.GDI32(00000000,?,?), ref: 00C37484
• ReleaseDC.USER32(?,00000000), ref: 00C37496
• GetSysColor.USER32(00000005), ref: 00C374B0
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 0705357d9d532680e0deda82dc36584fee5566c971749824e8f86b5077aab80d
• Instruction ID: 8de573388fab1d64ffdb6668730ac1b3b5f2780c8609e0ec95b3f6e19a510103
• Opcode Fuzzy Hash: 0705357d9d532680e0deda82dc36584fee5566c971749824e8f86b5077aab80d
• Instruction Fuzzy Hash: 4B016D31404216EFDB615F64DC88BAE7BB5FF04351F550168F92AA31A1CB312E91EF50
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C4187F
• UnloadUserProfile.USERENV(?,?), ref: 00C4188B
• CloseHandle.KERNEL32(?), ref: 00C41894
• CloseHandle.KERNEL32(?), ref: 00C4189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00C418A5
• HeapFree.KERNEL32(00000000), ref: 00C418AC
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: f1c2f96c6d790d79cf20759fb1377575037d1048d6663198e5836c01ec66a7c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dbe30d86efe62c43e54434e61300cb5a0d71d901013228e074d2eb522bf5332e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1c2f96c6d790d79cf20759fb1377575037d1048d6663198e5836c01ec66a7c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AE0E536004102BBEB015FA1ED4CB4EBF39FF49B22B508228F22991470CB3294B0DF50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C4C6EE
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C4C735
                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C4C79C
                                                                                                                                                                                                                                                                                                                                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00C4C7CA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c6f4936fc35e622193c4285b335ab44093745eaa08ec890cdc2738dc4a80bbc2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d36fbc3daaa7651d7cbecffdde5123ce04b8cd78245a95694254cd8e6ba82528
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6f4936fc35e622193c4285b335ab44093745eaa08ec890cdc2738dc4a80bbc2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0551DB716063419BD7949F29C8C5BABB7E8BF89314F080A2DF9A5D31F0DB60DA04DB52
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 00C6AEA3
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessId.KERNEL32(00000000), ref: 00C6AF38
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C6AF67
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d869d341af0f4670e0a8261177b145264913c4357e081b506346f81252976b14
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1980bf2ec31eef6c3408cdee7690df30e91e7800ac1251ca4c83c61d9169b51f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d869d341af0f4670e0a8261177b145264913c4357e081b506346f81252976b14
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69714970A00655DFCB24DF55D494A9EBBF0EF08314F048499E826AB3A2CB75EE45CF91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00C47206
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00C4723C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00C4724D
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00C472CF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d63fe6d96e66fe0e2c3fa4f37ac7de16c196c7e941674bf3c1729322bd4b9639
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 10254be7ac9944424b9e0ff363f4ff51ab8252e3b72d49c40bfa76ef11e2bfa1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d63fe6d96e66fe0e2c3fa4f37ac7de16c196c7e941674bf3c1729322bd4b9639
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4416DB1A04205EFDB25CF64C884B9A7BA9FF44310F1481ADBD099F20AD7B0DA44CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C73E35
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00C73E4A
                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00C73E92
                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00C73EA5
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a0cc1f14c6d989580b512390083cd78b693879f5b339c81b089013bf27a2b69c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cc9cd0810cf41517420d240f3526a72f0fc9f72c30e29490c1bb59e78e7bcf63
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0cc1f14c6d989580b512390083cd78b693879f5b339c81b089013bf27a2b69c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74415975A01249EFDB10DF60D884EAEBBB9FF49354F04812AF919A7250D730AE44EF60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00C41E66
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00C41E79
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 00C41EA9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8816f37564a84f2b96f229c2b48d7d8ed9cd3e07b9c1cba112a1fbce5553c9a1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f7ad35ee54f3a2ec3e06009094a05a6d04d5a3f2a03a3175d1f86b5dbb81efa5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8816f37564a84f2b96f229c2b48d7d8ed9cd3e07b9c1cba112a1fbce5553c9a1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F214775A00105BFDB14ABA5DC8ADFFBBB8EF41390B14412DFC65A31E1DB344E8A8620
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00C72F8D
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00C72F94
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00C72FA9
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00C72FB1
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c5d0135eb400fdb4a7928d37f00d171e650d7df440dfddb94f3969fd68fa5eb5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f82a7d28a985055655040b2af8d40f8b4b67077f0746a443a46ea3506a0eab25
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c5d0135eb400fdb4a7928d37f00d171e650d7df440dfddb94f3969fd68fa5eb5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3221CD72200225AFEF104FA4DC80FBB37BDEB59364F108628F968D2190D771DD919760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C04D1E,00C128E9,?,00C04CBE,00C128E9,00CA88B8,0000000C,00C04E15,00C128E9,00000002), ref: 00C04D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C04DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00C04D1E,00C128E9,?,00C04CBE,00C128E9,00CA88B8,0000000C,00C04E15,00C128E9,00000002,00000000), ref: 00C04DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 0b23bac27331b9655416551d70d62f2bd5cf3aa0f6f16c63f70fbebb5ec67656
• Instruction ID: 948dbfdfcb5feac9a94f61a8dd048a31de5137e050ba63fdd1cd3821a49f95eb
• Opcode Fuzzy Hash: 0b23bac27331b9655416551d70d62f2bd5cf3aa0f6f16c63f70fbebb5ec67656
• Instruction Fuzzy Hash: D1F04F75A40209BBDB159F90DC89BAEBFB5EF44756F5400A8F909A22A0CB305A80DB95
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00BE4EDD,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00BE4EAE
• FreeLibrary.KERNEL32(00000000,?,?,00BE4EDD,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: e613e5a61f8b264372436e33b1bc0fd6fe0d6e4509ac13e2e43312f646f1b5b2
• Instruction ID: 068cf2621e114a9f763123e766b8eb442c7d9b50a9ba7e25f2c31c6c3e93ee75
• Opcode Fuzzy Hash: e613e5a61f8b264372436e33b1bc0fd6fe0d6e4509ac13e2e43312f646f1b5b2
• Instruction Fuzzy Hash: 47E0CD36E015A35BD3311B266C58B6F66D8EFC1F62B050179FC08D2100DB64CD4185A0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00C23CDE,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00BE4E74
• FreeLibrary.KERNEL32(00000000,?,?,00C23CDE,?,00CB1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00BE4E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: a0c662488c5528c9daf130274f6b674bf218e293a3e0f558420628079e83bbde
• Instruction ID: 9be4b8ee60df3c78d0c7b7fac3a3547809684c07af8b68d0c1b0d4721376fe90
• Opcode Fuzzy Hash: a0c662488c5528c9daf130274f6b674bf218e293a3e0f558420628079e83bbde
• Instruction Fuzzy Hash: D2D0C2329026A35747221B266C18F8F6A58EF89B113490178B808A2110CF20CD42C5D0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C52C05
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00C52C87
                                                                                                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C52C9D
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C52CAE
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C52CC0
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: File$Delete$Copy
APIs
• GetCurrentProcessId.KERNEL32 ref: 00C6A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C6A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C6A468
• CloseHandle.KERNEL32(?), ref: 00C6A63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00C83700), ref: 00C1BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00CB121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00C1BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00CB1270,000000FF,?,0000003F,00000000,?), ref: 00C1BC36
• _free.LIBCMT ref: 00C1BB7F
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C1BD4B
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
APIs
  • Part of subcall function 00C4DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C4CF22,?), ref: 00C4DDFD
  • Part of subcall function 00C4DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C4CF22,?), ref: 00C4DE16
  • Part of subcall function 00C4E199: GetFileAttributesW.KERNEL32(?,00C4CF95), ref: 00C4E19A
• lstrcmpiW.KERNEL32(?,?), ref: 00C4E473
• MoveFileW.KERNEL32(?,?), ref: 00C4E4AC
• _wcslen.LIBCMT ref: 00C4E5EB
• _wcslen.LIBCMT ref: 00C4E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00C4E650
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7fdfbdc80433c1098e3f2b7f00ff8c6dfea9f0d09ea855c39712dcf521e460c4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a045e9fcc28f443981de715829c0c9acc74f41728d6a64d7f104ac078cd955b5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7fdfbdc80433c1098e3f2b7f00ff8c6dfea9f0d09ea855c39712dcf521e460c4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F5152B24083859BC724EB90D881ADF77ECBF84344F00492EF599D3191EF74A688CB66
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C6B6AE,?,?), ref: 00C6C9B5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6C9F1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA68
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6C998: _wcslen.LIBCMT ref: 00C6CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C6BAA5
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C6BB00
                                                                                                                                                                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C6BB63
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00C6BBA6
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00C6BBB3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6f53f69b690d934723403445635adfabc50947fd848898969cfa208d2d0601db
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 701fd40a46d7306f9dbed09fc43d0cf744a261ab9553ab7108cd448fe1c5876e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f53f69b690d934723403445635adfabc50947fd848898969cfa208d2d0601db
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A619331208241AFD724DF54C4D0E2ABBE5FF84348F54859CF4998B2A2DB31ED85DB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00C48BCD
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 00C48C3E
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32 ref: 00C48C9D
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00C48D10
                                                                                                                                                                                                                                                                                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00C48D3B
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8661793f8b4ac87a662e3fa0d12dd77066daad202b3e58f7bf69cfa7e108559e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3dab9338245fef5d17e54cb8a5b823ff44033a937bcfaa2e58d5a1988411040e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8661793f8b4ac87a662e3fa0d12dd77066daad202b3e58f7bf69cfa7e108559e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B75158B5A0121AEFCB14CF68C894AAEB7F8FF89314B158559E919DB350E730E911CF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00C58BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00C58BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00C58C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00C58C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00C58C5F
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00C68F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00C68FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00C68FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00C69032
• FreeLibrary.KERNEL32(00000000), ref: 00C69052
  • Part of subcall function 00BFF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00C51043,?,7529E610), ref: 00BFF6E6
  • Part of subcall function 00BFF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00C3FA64,00000000,00000000,?,?,00C51043,?,7529E610,?,00C3FA64), ref: 00BFF70D
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00C76C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00C76C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00C76C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00C5AB79,00000000,00000000), ref: 00C76C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00C76CC7
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetCursorPos.USER32(?), ref: 00BF9141
• ScreenToClient.USER32(00000000,?), ref: 00BF915E
• GetAsyncKeyState.USER32(00000001), ref: 00BF9183
• GetAsyncKeyState.USER32(00000002), ref: 00BF919D
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 00C538CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00C53922
• TranslateMessage.USER32(?), ref: 00C5394B
• DispatchMessageW.USER32(?), ref: 00C53955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C53966
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00C5C21E,00000000), ref: 00C5CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 00C5CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,00C5C21E,00000000), ref: 00C5CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00C5C21E,00000000), ref: 00C5CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00C5C21E,00000000), ref: 00C5CFF2
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C41915
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 00C419C1
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 00C419C9
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 00C419DA
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00C419E2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ab836db9d546b65871a7b11d3fd42ae74b2d6b95f885bc3f922aa21cc1c4cddb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 06a66cbd8d2a2fed7892ff5d18f7a625a80e99df179ec36bf19105c5e6540e6f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab836db9d546b65871a7b11d3fd42ae74b2d6b95f885bc3f922aa21cc1c4cddb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1931AD71A0021AEFCB04CFA8C999BDE3BB5FB14315F144229FD65AB2D1C7709A94CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00C75745
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 00C7579D
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C757AF
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C757BA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C75816
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 51f920fb2bd3cc843d2c75b648850ed2eaa59f2e56206b40137b5b15f857cf89
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 212cfbffc7b8419e448245bb298a063eff7b683c69a13e4f971f215ecd19eaef
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 51f920fb2bd3cc843d2c75b648850ed2eaa59f2e56206b40137b5b15f857cf89
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D42165759046189ADB209F65CC85AEE7BBCFF04764F10C21AFA2DEA1C0D7B19A85CF50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00C60951
                                                                                                                                                                                                                                                                                                                                                                                • GetForegroundWindow.USER32 ref: 00C60968
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00C609A4
                                                                                                                                                                                                                                                                                                                                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 00C609B0
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000003), ref: 00C609E8
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 30c5372c65ae88b8e3cd56794b7093d12854b6d866ea9b44722a8e5f60959494
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9865b7d5c0cd44c15f2c1af3b02783c3de0402ac1fcb9c496d44e5f3cb0bb536
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30c5372c65ae88b8e3cd56794b7093d12854b6d866ea9b44722a8e5f60959494
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E218135600204AFD714EF65D889BAFBBE5EF44701F14846CF85AA7352DB70AD44DB50
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00C1CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C1CDE9
  • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(00000000,?,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6,?,00BE1129), ref: 00C13852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C1CE0F
• _free.LIBCMT ref: 00C1CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C1CE31
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 60fcb5bb25cabe5c1d26286b669ee727279a52b2ed40f0b6fed5526ff50ae2a1
• Instruction ID: e90152dec0c333abc5f8f73aaad9f034811c5cfa54b90a9110b016977993822e
• Opcode Fuzzy Hash: 60fcb5bb25cabe5c1d26286b669ee727279a52b2ed40f0b6fed5526ff50ae2a1
• Instruction Fuzzy Hash: E60184726412157F232116BA6CC9EFF696DEFC7BA1315012DF919C7201EA618E91A1B0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF9693
• SelectObject.GDI32(?,00000000), ref: 00BF96A2
• BeginPath.GDI32(?), ref: 00BF96B9
• SelectObject.GDI32(?,00000000), ref: 00BF96E2
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 31d073545e6983b691a761704883194d6ee03dc67cb345546aa76e0c1c1b9264
• Instruction ID: ee88276f64d5b5fdb76d6c98a6752f7013b4b99d7a049e27141b4baf4a6044c6
• Opcode Fuzzy Hash: 31d073545e6983b691a761704883194d6ee03dc67cb345546aa76e0c1c1b9264
• Instruction Fuzzy Hash: 10217F70C02349EBDB119F24EC647BD3BA8FB10315F54435AF914A71B0D3709899CB94
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 4d10cbe7d8eff921487dfb5170df8c9dfa0871acd30ca2baa4a6d88533d80bd8
• Instruction ID: 67cf4cee1791b8ab41ab4f4570ce8572aefa6923daed22f59efc0f9002aa777a
• Opcode Fuzzy Hash: 4d10cbe7d8eff921487dfb5170df8c9dfa0871acd30ca2baa4a6d88533d80bd8
• Instruction Fuzzy Hash: 8101B9A1651605BBE21855119E82FBB735CBB21394F048035FD189A282F760EE52D2B1
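The function entries above are machine-generated, and most of them are runtime scaffolding rather than malware logic: the GetEnvironmentStringsW / WideCharToMultiByte / FreeEnvironmentStringsW chain is what the MSVC CRT does at start-up to build the narrow environment block, and the ExtCreatePen / SelectObject / BeginPath chain is ordinary GDI drawing from the AutoIt runtime. When triaging a report with thousands of such entries, it helps to parse them and sort the chains into "known runtime noise" versus "calls worth reading". The following parser is an added example, not part of the Joe Sandbox report or its tooling; the line layout it expects is taken from the entries above, the sample text is a trimmed, constructed copy of them (the third entry and its opcode ID are made up to exercise the watch list), and the watch list and the CRT/GDI classifications are the author's own heuristics, not something the report defines.

```python
"""Parse Joe Sandbox "APIs" / "Similarity" function entries and classify API chains.

Added example; regexes are modelled on the report layout shown above.
"""
import re
from dataclasses import dataclass, field

# One API call line, e.g.
#   • WideCharToMultiByte.KERNEL32(00000000,?,...), ref: 00C1CDE9
#   • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(...), ref: 00C13852
API_RE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
# Metadata lines such as "• API ID: ..." or "• Opcode ID: ..." (key has no digits).
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

# Constructed sample: trimmed copy of the entries above plus one made-up entry.
SAMPLE = """\
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00C1CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C1CDE9
  • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(00000000,?,00CB1444), ref: 00C13852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C1CE0F
• _free.LIBCMT ref: 00C1CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C1CE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• Opcode ID: 60fcb5bb25cabe5c
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF9693
• SelectObject.GDI32(?,00000000), ref: 00BF96A2
• BeginPath.GDI32(?), ref: 00BF96B9
• SelectObject.GDI32(?,00000000), ref: 00BF96E2
Similarity
• API ID: ObjectSelect$BeginCreatePath
• Opcode ID: 31d073545e6983b6
APIs
• IsDebuggerPresent.KERNEL32 ref: 00C00010
• BlockInput.USER32(00000001), ref: 00C00022
Similarity
• API ID: DebuggerInputBlockPresent
• Opcode ID: constructed-0003
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: str
    subcall: bool  # True when the call comes from a callee, not this function


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)


def parse_entries(text):
    """Split report text into FunctionEntry records, one per 'APIs' header."""
    entries, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            args = tuple(a for a in (m.group("args") or "").split(",") if a)
            cur.calls.append(ApiCall(m.group("name"), m.group("module"), args,
                                     m.group("ref"), bool(m.group("sub"))))
            continue
        f = FIELD_RE.match(line)
        if f:
            cur.fields[f.group("key")] = f.group("val").strip()
    return entries


def chain(entry):
    """Direct (non-subcall) API names in call order: the function's own API chain."""
    return tuple(c.name for c in entry.calls if not c.subcall)


# Heuristics (author's own, not from the report): MSVC CRT narrow-environment
# set-up, pure GDI drawing, and APIs that deserve a manual look.
CRT_ENV_INIT = {"GetEnvironmentStringsW", "WideCharToMultiByte", "FreeEnvironmentStringsW"}
WATCHLIST = {"IsDebuggerPresent", "BlockInput", "GetAsyncKeyState", "GetClipboardData",
             "SetClipboardData", "CreateProcessAsUserW", "listen", "ExitWindowsEx"}


def classify(entry):
    direct = [c for c in entry.calls if not c.subcall]
    names = {c.name for c in direct}
    hits = sorted(names & WATCHLIST)
    if hits:
        return "watchlist:" + ",".join(hits)
    if CRT_ENV_INIT <= names:
        return "crt-env-init"
    if direct and all(c.module == "GDI32" for c in direct):
        return "gdi-drawing"
    return "unclassified"


def triage(text):
    """(opcode id, classification) per entry, so watch-list hits stand out."""
    return [(e.fields.get("Opcode ID", "?"), classify(e)) for e in parse_entries(text)]


if __name__ == "__main__":
    for opcode_id, verdict in triage(SAMPLE):
        print(f"{opcode_id:20} {verdict}")
```

Subcall lines are kept but excluded from the chain, so the heap allocation inside function 00C13820 does not make the environment-copy routine look like its own allocator; the "Opcode ID" field is carried through because it is the stable key the report uses across runs.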
APIs
• GetLastError.KERNEL32(?,?,?,00C0F2DE,00C13863,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6), ref: 00C12DFD
• _free.LIBCMT ref: 00C12E32
• _free.LIBCMT ref: 00C12E59
• SetLastError.KERNEL32(00000000,00BE1129), ref: 00C12E66
• SetLastError.KERNEL32(00000000,00BE1129), ref: 00C12E6F
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4ad3e38127165b0766615c4db63db97d0928dca6ac7187fb112e6d7d8d618685
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a75ca0e1b8455c7a843d9b85615f89ecff2f613f75ebd20ac6cee85162d1d7b8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ad3e38127165b0766615c4db63db97d0928dca6ac7187fb112e6d7d8d618685
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D01F93A24560067C71227356C85FEF1559AFC3376F204028F439A22D3EB348DF27120
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?,?,00C4035E), ref: 00C4002B
                                                                                                                                                                                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?), ref: 00C40046
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?), ref: 00C40054
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?), ref: 00C40064
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00C3FF41,80070057,?,?), ref: 00C40070
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 854fbd77b0caf667b14fc19fc7a157c9fb0ea7503ca9a8a2203a662c285be0d8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 70597f7ffc3660b325a1b4e23caa8b0b05f8f34bf60ac42520c62694a8e2c81c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 854fbd77b0caf667b14fc19fc7a157c9fb0ea7503ca9a8a2203a662c285be0d8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB018F72640205BFDB204F69DC48BAE7BADFB44752F244128FE09D2210D775DE808BA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00C4E997
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00C4E9A5
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00C4E9AD
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00C4E9B7
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32 ref: 00C4E9F3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 02a986aed6aa993bd07f5bc9fd46e22d84f9e42649aae09bac5dc6a7a08af60d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0cb0601998e234a487a6fa45ec445d0c373798c4733e2a6cd536ddda69860a81
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 02a986aed6aa993bd07f5bc9fd46e22d84f9e42649aae09bac5dc6a7a08af60d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6016D31C0152ADBCF00AFE5DC89BEDBB78FF18310F41055AE902B2191CB309691C761
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00C41114
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41120
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C4112F
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00C40B9B,?,?,?), ref: 00C41136
                                                                                                                                                                                                                                                                                                                                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00C4114D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 49db687e67500d964e2a887bbe3e70553195288508ca53bfba50304ebe8c960c
• Instruction ID: e57c405d68be21f6bd9868c4b10e63babb038c8e93fa934c25584b30c0ab064e
• Opcode Fuzzy Hash: 49db687e67500d964e2a887bbe3e70553195288508ca53bfba50304ebe8c960c
• Instruction Fuzzy Hash: 4E016975200206BFDB114FA4DC89B6E3B6EFF893A1B240428FA49C3360DA31DD808A60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C40FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C40FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C40FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C40FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C41002
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 7a09fd5650830578f5a6306d31648f2bd1807018e396e1275b940bf4782d4027
• Instruction ID: 0310d9da6e25aa0ace15ac2abe8b4bb76b838e497caa2f05e37dad7d094271dc
• Opcode Fuzzy Hash: 7a09fd5650830578f5a6306d31648f2bd1807018e396e1275b940bf4782d4027
• Instruction Fuzzy Hash: 01F04935200302AFDB214FA4AC89F5A3FADFF89762F544428FA49D6251CA70DC908A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C4102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C41036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C41045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C4104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C41062
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 135a21813f884bd13819b145e77e879bce798ebad9c99d788a0b5eea4fd4aa42
• Instruction ID: 9034c0adb334ca084e6a88b05fe405d7dea6c93e5d94fbd6c00e43d099e1f87b
• Opcode Fuzzy Hash: 135a21813f884bd13819b145e77e879bce798ebad9c99d788a0b5eea4fd4aa42
• Instruction Fuzzy Hash: 2DF06D35200302EBDB215FA4EC89F5A3BADFF89761F140428FE49D7250CA70D9908A60
APIs
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C50324
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C50331
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C5033E
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C5034B
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C50358
• CloseHandle.KERNEL32(?,?,?,?,00C5017D,?,00C532FC,?,00000001,00C22592,?), ref: 00C50365
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 9825ba0547688a16bad79577186eb04d03543594da7e16cf59c11f778343d329
• Instruction ID: c373249d73083446fbabc050880d571c5a6125c14257b9912f65160eebcaad6e
• Opcode Fuzzy Hash: 9825ba0547688a16bad79577186eb04d03543594da7e16cf59c11f778343d329
• Instruction Fuzzy Hash: BF01A276800B159FC7309F66D880416F7F5BF503163258A3FD1A692931C371AA98CF84
APIs
• _free.LIBCMT ref: 00C1D752
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C1D764
• _free.LIBCMT ref: 00C1D776
• _free.LIBCMT ref: 00C1D788
• _free.LIBCMT ref: 00C1D79A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: e31471a3fc3f46d479180814e4daab4ec43a35995c765fbd7249e273f46d5d9c
• Instruction ID: 04013d6bbbc786fafb902651152c3d00518902f5f61e5ebd97cab7eb29fa39be
• Opcode Fuzzy Hash: e31471a3fc3f46d479180814e4daab4ec43a35995c765fbd7249e273f46d5d9c
• Instruction Fuzzy Hash: 78F06232500204AB8621EB68F9C5E9A77DDBB07720F940C05F059DB585CB34FCD0A6E0
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00C45C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00C45C6F
• MessageBeep.USER32(00000000), ref: 00C45C87
• KillTimer.USER32(?,0000040A), ref: 00C45CA3
• EndDialog.USER32(?,00000001), ref: 00C45CBD
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 20485cec726b7b94a88a8e751c8df12db0945e58dc384de796d72759315d53f6
• Instruction ID: 0db47e601c5fb76078888c100b7acc3e2448b14d2319c121a3edc389e2d96edd
• Opcode Fuzzy Hash: 20485cec726b7b94a88a8e751c8df12db0945e58dc384de796d72759315d53f6
• Instruction Fuzzy Hash: 73018630500B05ABEB315B20DDCEFAA77B8BB04B45F00055DB597A10E1DBF0AA848B91
APIs
• _free.LIBCMT ref: 00C122BE
  • Part of subcall function 00C129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000), ref: 00C129DE
  • Part of subcall function 00C129C8: GetLastError.KERNEL32(00000000,?,00C1D7D1,00000000,00000000,00000000,00000000,?,00C1D7F8,00000000,00000007,00000000,?,00C1DBF5,00000000,00000000), ref: 00C129F0
• _free.LIBCMT ref: 00C122D0
• _free.LIBCMT ref: 00C122E3
• _free.LIBCMT ref: 00C122F4
• _free.LIBCMT ref: 00C12305
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: ce912f05834b194fc98daf24991913a63a8d59cde890a4d6280a2548eedc3d50
• Instruction ID: f4963edf42d89b4be4b12bd3013632d5cc850791cc90ef7616c139ad4169feff
• Opcode Fuzzy Hash: ce912f05834b194fc98daf24991913a63a8d59cde890a4d6280a2548eedc3d50
• Instruction Fuzzy Hash: 67F05E799001208B8A12AF98BC41BAD3B64F71A770F54070AF810DB3B1C73449B1BFE5
APIs
                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00BF95D4
                                                                                                                                                                                                                                                                                                                                                                                • StrokeAndFillPath.GDI32(?,?,00C371F7,00000000,?,?,?), ref: 00BF95F0
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00BF9603
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32 ref: 00BF9616
                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00BF9631
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7a0868fefe0dbfda59e97646ed522f77adcd438939d14941f80dbc9258f83577
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 067ff3053a81d6192d093c5c64f4c87997aa8fb2742012910b0806cca7361f2f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a0868fefe0dbfda59e97646ed522f77adcd438939d14941f80dbc9258f83577
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEF03C30805349EBDB225F65ED6C7BC3BA5EB10322F588358F929960F0C7308995DF60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1d25bcedfa4f824bb411704f5c4885dc9157366ee1158bb409f663ccf019288c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 69852697785faee297c3b3e8dbc95fdaa0acacd02cc4d4a693ce92ebcfd28714
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d25bcedfa4f824bb411704f5c4885dc9157366ee1158bb409f663ccf019288c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28D1DF31900246DACB249F68C845BFEB7B1EF07300F6C4159EF219B664D2799EC1EB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C00242: EnterCriticalSection.KERNEL32(00CB070C,00CB1884,?,?,00BF198B,00CB2518,?,?,?,00BE12F9,00000000), ref: 00C0024D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C00242: LeaveCriticalSection.KERNEL32(00CB070C,?,00BF198B,00CB2518,?,?,?,00BE12F9,00000000), ref: 00C0028A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C000A3: __onexit.LIBCMT ref: 00C000A9
                                                                                                                                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00C67BFB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C001F8: EnterCriticalSection.KERNEL32(00CB070C,?,?,00BF8747,00CB2514), ref: 00C00202
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C001F8: LeaveCriticalSection.KERNEL32(00CB070C,?,00BF8747,00CB2514), ref: 00C00235
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d3818ec83071450e6a7d200e705d5dfa3f62796f700bc7fb8f147cb14ebd63b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c5dfd8ffabb65e767984eb12565c108dc1263d6fcad22da91cca2a2a31450d0e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d3818ec83071450e6a7d200e705d5dfa3f62796f700bc7fb8f147cb14ebd63b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7918C70A04209EFCB24EF54D8D19BDB7B1FF44308F108A99F8169B292DB31AE45DB51
APIs
  • Part of subcall function 00C4B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C421D0,?,?,00000034,00000800,?,00000034), ref: 00C4B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00C42760
  • Part of subcall function 00C4B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C421FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00C4B3F8
  • Part of subcall function 00C4B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00C4B355
  • Part of subcall function 00C4B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00C42194,00000034,?,?,00001004,00000000,00000000), ref: 00C4B365
  • Part of subcall function 00C4B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00C42194,00000034,?,?,00001004,00000000,00000000), ref: 00C4B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C427CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C4281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00C11769
• _free.LIBCMT ref: 00C11834
• _free.LIBCMT ref: 00C1183E
Strings
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-517116171
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00C4C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 00C4C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00CB1990,00FA5E08), ref: 00C4C395
Strings
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00C7CC08,00000000,?,?,?,?), ref: 00C744AA
• GetWindowLongW.USER32 ref: 00C744C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C744D7
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3537ff07fecf6f973c3b2f696d00efd1086429cb5d2eae9e51abbdf26a6c5a0e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 84165356bc6cac9176d7a563d71ec953ef25bab26dfc5fee8f0de2a4a5291866
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3537ff07fecf6f973c3b2f696d00efd1086429cb5d2eae9e51abbdf26a6c5a0e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C318F31210205AFDB258E78DC85BEA77A9EB08334F208715F979921E0DB70ED509750
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C6335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00C63077,?,?), ref: 00C63378
                                                                                                                                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00C6307A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C6309B
                                                                                                                                                                                                                                                                                                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00C63106
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9f62bc792d5d56891b386225441d1ac274990406023bae2965e293ed78686265
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7f7ac8a605293a3f2ff3b49c9e730d36bcc76fcd8ddc80e497d27ed281980db8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f62bc792d5d56891b386225441d1ac274990406023bae2965e293ed78686265
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9031C4356042819FCB20CF69C5C5E6A77E0EF55318F248059E9258B392D732DF85C761
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00C73F40
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00C73F54
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C73F78
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a56308295873f99eb57cf0b8fb5188f9ea44a0fbe78e6bb4c670d471ae0453c6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fd60c93ac9a82e7a98bf9bd725d91673fa06b3dd73ea66e53af81f77ad629c49
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a56308295873f99eb57cf0b8fb5188f9ea44a0fbe78e6bb4c670d471ae0453c6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B21AD32600259BFDF118E90CC86FEE3B79EB48754F114254FA196B1D0D6B1A9509B90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00C74705
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00C74713
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00C7471A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: dba6817af4b313fd5906aeda9444e93a39add5d7f2da8756f81b63513c97f938
• Instruction ID: 1519bed0f8565a10d09230b030fb54f661704614c472070fadb746bea9b38fba
• Opcode Fuzzy Hash: dba6817af4b313fd5906aeda9444e93a39add5d7f2da8756f81b63513c97f938
• Instruction Fuzzy Hash: 042190B5600209AFDB14DF64DCD1EAB37ADEB8A3A4B044159FA149B251CB30ED11CA60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 7fe1aa81add8d39207a7180885134d5b83e79005adf2d454ece07e828460c462
• Instruction ID: 22947ca73e43204290aadb06782b4c89a305f4c4c1d6112190a66994bf4fde0d
• Opcode Fuzzy Hash: 7fe1aa81add8d39207a7180885134d5b83e79005adf2d454ece07e828460c462
• Instruction Fuzzy Hash: 53215B7220413166C331AB25EC02FF773D8FF91320F10803AF96997081EB719E45D295
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00C73840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00C73850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00C73876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 1c39e7ad6522c1c427f2bf970c235211f623e976edff28482535b1292faa5fc9
• Instruction ID: 6e844a09369ef2b7f354ddbb7de02ec9c47e069ed1ac625b90b62b8b71d9dc6f
• Opcode Fuzzy Hash: 1c39e7ad6522c1c427f2bf970c235211f623e976edff28482535b1292faa5fc9
• Instruction Fuzzy Hash: B221C272600119BBEF118F54CC85FBB376EEF89754F11C125F9189B190C672DD5297A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00C54A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00C54A5C
• SetErrorMode.KERNEL32(00000000,?,?,00C7CC08), ref: 00C54AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 9ecad0d46d56a77d256e89dd9fc8caff26b24990e6e48f88ba01f325acd75cbf
• Instruction ID: 2771fb1d53cf89cb62bb35c8fcd72e5347838c57b5530c5c710e226504e1d44a
• Opcode Fuzzy Hash: 9ecad0d46d56a77d256e89dd9fc8caff26b24990e6e48f88ba01f325acd75cbf
• Instruction Fuzzy Hash: 48314F75A00109AFDB10DF64C985EAE7BF8EF08308F1480A9F909DB252D771EE85DB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00C7424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00C74264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00C74271
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2660f5060971f8be5a3c8e3121e6d5b32f029363d76bfe1a35e0a8ebf0c477e9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1eaffbca9efd388d42fbb7ec9f1befeb0576535e7d5ef9264765d73d211c55d4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2660f5060971f8be5a3c8e3121e6d5b32f029363d76bfe1a35e0a8ebf0c477e9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C411E331240248BFEF205E69CC46FAB3BACEF95B54F114524FA69E2091D371DC619B10
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE6B57: _wcslen.LIBCMT ref: 00BE6B6A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C42DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C42DC5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C42DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C42DD6
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C42DA7: GetCurrentThreadId.KERNEL32 ref: 00C42DDD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C42DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C42DE4
                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 00C42F78
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C42DEE: GetParent.USER32(00000000), ref: 00C42DF9
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00C42FC3
                                                                                                                                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(?,00C4303B), ref: 00C42FEB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 078283d540e6d27f5544ce70542a915ad32694f49142332df84e605a09d634f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f670417d42e809201935fcdb7b311717003675e6ed4e1419359c1619d0f2e509
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 078283d540e6d27f5544ce70542a915ad32694f49142332df84e605a09d634f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A51172716002456BCF157F758CC6FED37AABF94314F0480B9BD099B152DE709A49DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C758C1
                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00C758EE
                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32(?), ref: 00C758FD
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1b516952332709335fc9fdb4f155ad4a2b8ce3fcfe18863e6dde75de3534dedb
• Instruction ID: 194388dbad9f0ce97444f3d50c29938288218251607de51db8e087efee8b63f3
• Opcode Fuzzy Hash: 1b516952332709335fc9fdb4f155ad4a2b8ce3fcfe18863e6dde75de3534dedb
• Instruction Fuzzy Hash: D8016D31500219EFDB619F11DC84BAEBBB4FF45360F10C099E94DD6151DB718A85EF21
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00C3D3BF
• FreeLibrary.KERNEL32 ref: 00C3D3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 0c91518bd71cb4168f1a40ad0db03d34d8bc49f97cdfd37d687d45c23b39c465
• Instruction ID: 93ba23c384a7d5574c85c197bb30b06a4e27f84f6aa52fe5cbcc075feeeea5cc
• Opcode Fuzzy Hash: 0c91518bd71cb4168f1a40ad0db03d34d8bc49f97cdfd37d687d45c23b39c465
• Instruction Fuzzy Hash: FDF0E5B14656129FD7A16B11AC98A6E3734AF11701F9980A9F01BE7030DB71CF948F52
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c00cb6e6e77343bec44cffdb83fb8304c3e099a718f03f564eafa0db86d4b03
• Instruction ID: bf4801b0861496669fe2f5c52c75ab2a7b61a94be701c4d4fb3108f6f2eb5fc9
• Opcode Fuzzy Hash: 7c00cb6e6e77343bec44cffdb83fb8304c3e099a718f03f564eafa0db86d4b03
• Instruction Fuzzy Hash: E3C16D75A40206EFDB14CFA4C898BAEB7B5FF48304F208598E515EB251D771EE81DB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: 9fe9f13daac20edf32ae723768999743013e26d6c604a4ce76ce7700faa735dd
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 0EA16A72D00386AFD719CF59C8817EEBBE4EF67354F2841ADE5559B281C2348AC2E750
APIs
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: f4fad5b0ef895029697ab5699d0db0a13cce5d81544c2f20e1b0ad99c4d0098b
• Instruction ID: 20f9293e46766b9506cfbb6da6e10f1708bf2ad846f331f6a33e7d21e1ed226a
• Opcode Fuzzy Hash: f4fad5b0ef895029697ab5699d0db0a13cce5d81544c2f20e1b0ad99c4d0098b
• Instruction Fuzzy Hash: CCA147752047409FC710DF29C895A2AB7E5FF88314F04889DF98A9B362DB30EE05CB92
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C405F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C40608
• CLSIDFromProgID.OLE32(?,?,00000000,00C7CC40,000000FF,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C4062D
• _memcmp.LIBVCRUNTIME ref: 00C4064E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e1abbf359eb2bbf8677506445480bf7c75bff428e85ab6a3d3c3b44a239c1546
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d24bfb0ba51cb3c7aec44871a4765791fe560b0420bc0583465b10fa2d65e60a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1abbf359eb2bbf8677506445480bf7c75bff428e85ab6a3d3c3b44a239c1546
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA81DB75A00109EFCB04DF94C984EEEB7B9FF89315F204598F616AB250DB71AE46CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00C6A6AC
                                                                                                                                                                                                                                                                                                                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00C6A6BA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                • Process32NextW.KERNEL32(00000000,?), ref: 00C6A79C
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00C6A7AB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BFCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00C23303,?), ref: 00BFCE8A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 517957562d64108d3a2fc237072d7c895f4fc18f010fd96447b709a73aa624a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e756175684f54ccae45db7775ce3f9f7be477138e91cccf1063bb82a78bd5f49
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 517957562d64108d3a2fc237072d7c895f4fc18f010fd96447b709a73aa624a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18518D71508340AFD710EF25C886A6FBBE8FF89754F40496DF58997262EB30D944CB92
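The two function records above are the kind an analyst scans for by hand: a COM ProgID round-trip (ProgIDFromCLSID, CLSIDFromProgID, _memcmp) and a Toolhelp32 process walk (CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle) whose subcall does CompareStringW, i.e. the process-name matching behind the "API chain indicative of sandbox detection" signature. The script below is an added example, not part of the report or of Joe Sandbox tooling: it parses the "APIs" records in the pasted report text and tags each function with the chain it implements. The record format is assumed to be exactly what is shown on this page (a line reading "APIs", then "•" bullets of the form `Api.MODULE(args), ref: ADDR`, with "Part of subcall function" prefixes on nested bullets); the tag names and SAMPLE_REPORT are constructed for the example.

```python
"""Tag Joe Sandbox "APIs" records by the API chain they contain.

Added example (not report or Joe Sandbox code). Assumes the report text is
pasted verbatim, in the layout shown on this page.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: the two API records from this page plus one empty
# record, with a couple of non-API lines to show they are skipped.
SAMPLE_REPORT = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C405F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C40608
• CLSIDFromProgID.OLE32(?,?,00000000,00C7CC40,000000FF,?,00000000,00000800,00000000,?,00C7FC08,?), ref: 00C4062D
• _memcmp.LIBVCRUNTIME ref: 00C4064E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00C6A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 00C6A6BA
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 00C6A79C
• CloseHandle.KERNEL32(00000000), ref: 00C6A7AB
  • Part of subcall function 00BFCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00C23303,?), ref: 00BFCE8A
Memory Dump Source
APIs
Memory Dump Source
"""

# One API bullet: optional subcall prefix, Api.MODULE, optional (args), ref: ADDR
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)


def parse_api_records(text: str) -> List[Dict]:
    """Split the report on "APIs" headings; keep the calls of each record in
    listing (address) order. first_ref is the address of the first call and
    serves as the record's identifier."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = {"first_ref": None, "calls": []}
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if not m:
            continue  # Memory Dump Source, Similarity, etc. are not calls
        current["calls"].append({
            "api": m["api"], "module": m["mod"], "ref": m["ref"],
            "args": m["args"] or "", "subcall": m["sub"],
        })
        if current["first_ref"] is None:
            current["first_ref"] = m["ref"]
    return records


def classify(record: Dict) -> List[str]:
    """Tag a record by the chains it contains (tag names are this example's)."""
    apis = [c["api"] for c in record["calls"]]
    tags: List[str] = []
    first = next((i for i, a in enumerate(apis)
                  if a in ("Process32FirstW", "Process32First")), None)
    nxt = next((i for i, a in enumerate(apis)
                if a in ("Process32NextW", "Process32Next")), None)
    # A real enumeration loop: snapshot, then First, then Next after it.
    if "CreateToolhelp32Snapshot" in apis and first is not None \
            and nxt is not None and first < nxt:
        tags.append("process-enumeration")
        # A string compare inside the walk means names are being matched,
        # the pattern behind ProcessExists-style sandbox/AV checks.
        if any(a in ("CompareStringW", "CompareStringA", "_wcsicmp", "lstrcmpiW")
               for a in apis):
            tags.append("process-name-compare")
    if "ProgIDFromCLSID" in apis and "CLSIDFromProgID" in apis:
        tags.append("com-progid-lookup")
    return tags


def triage(text: str) -> Dict[str, List[str]]:
    """Map first-call address -> tags, for records that got at least one tag."""
    out: Dict[str, List[str]] = {}
    for rec in parse_api_records(text):
        tags = classify(rec)
        if tags:
            out[rec["first_ref"]] = tags
    return out


if __name__ == "__main__":
    for ref, tags in triage(SAMPLE_REPORT).items():
        print(ref, ", ".join(tags))
```

Run against the full report text the same way; the Similarity block's "API ID" line is a lossy summary of the same calls, so parsing the bullets directly is what lets the script check call order (Process32NextW after Process32FirstW) rather than just API presence.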
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 85735fdd4f91d9f86c376346a39ddba2c99511250cacd84d47d181e217014e75
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c448f5c7caf8183d2c321bcc1caeb35faaabe994e8c6727f31e017e66026f0ce
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85735fdd4f91d9f86c376346a39ddba2c99511250cacd84d47d181e217014e75
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F413E35500521ABDB317BBDAC456BE3AA4EF62330F1C4225FC2DD69D1E6748AC1B272
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C762E2
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00C76315
                                                                                                                                                                                                                                                                                                                                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00C76382
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00C61AFD
• WSAGetLastError.WSOCK32 ref: 00C61B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00C61B8A
• WSAGetLastError.WSOCK32 ref: 00C61B94
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00C55783
• GetLastError.KERNEL32(?,00000000), ref: 00C557A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00C557CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00C557FA
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00C06D71,00000000,00000000,00C082D9,?,00C082D9,?,00000001,00C06D71,8BE85006,00000001,00C082D9,00C082D9), ref: 00C1D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C1D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00C1D9AB
• __freea.LIBCMT ref: 00C1D9B4
  • Part of subcall function 00C13820: RtlAllocateHeap.NTDLL(00000000,?,00CB1444,?,00BFFDF5,?,?,00BEA976,00000010,00CB1440,00BE13FC,?,00BE13C6,?,00BE1129), ref: 00C13852
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0dc56998cd4ee78953e107ad5b97eab04915ddfe75cb240f10c34304d19621cc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d0632ff2238b0b55506a464b5900b2eda37d85d58abb481bc5bc6bb0a8dab41e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0dc56998cd4ee78953e107ad5b97eab04915ddfe75cb240f10c34304d19621cc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7531CE72A1020AABDB24DF65DC81EEE7BA5EB42310F054168FC15D7190EB35DE90EBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 00C75352
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C75375
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C75382
                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C753A8
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9a3421f8f5fdf3100af3189d4b80a8572e6d68cb3654fadf8434fc45ade9ca14
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 16af9a11e6ca026ba2224fea4162ca0c8cb888924c63a6ad6c6574826d1f3ece
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a3421f8f5fdf3100af3189d4b80a8572e6d68cb3654fadf8434fc45ade9ca14
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB31C334A55A0CEFEB309F24CC56FE837A5AB04390F58C105FA29962F1C7F0AE809B51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00C4ABF1
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 00C4AC0D
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 00C4AC74
                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00C4ACC6
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e04a91dede7c162a87074a5b83811e7c529e22f2045dc418af03b10d5e86debf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3bdd34712fc6609a467f363667b847958d5a47a45a297450fc8b30898fb63ee4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e04a91dede7c162a87074a5b83811e7c529e22f2045dc418af03b10d5e86debf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8313570A80719AFEF34CB658C84BFE7BA5BB89310F04431AE4A5931D0C3768A819792
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00C7769A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00C77710
                                                                                                                                                                                                                                                                                                                                                                                • PtInRect.USER32(?,?,00C78B89), ref: 00C77720
                                                                                                                                                                                                                                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 00C7778C
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: a00cf0e5cd7fb0383b1d54a51e0bc506b2c5baf521723170ea18aa390f77c7ed
• Instruction ID: 19454872015ccf7334697863fe2cb122bcdfb523924975e45fcc6da6f7cdb102
• Opcode Fuzzy Hash: a00cf0e5cd7fb0383b1d54a51e0bc506b2c5baf521723170ea18aa390f77c7ed
• Instruction Fuzzy Hash: 8541AD34A05259EFCB06CF59C894FAD77F5FB48314F1882A8E8289B261C330AA41CF90
APIs
• GetForegroundWindow.USER32 ref: 00C716EB
  • Part of subcall function 00C43A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C43A57
  • Part of subcall function 00C43A3D: GetCurrentThreadId.KERNEL32 ref: 00C43A5E
  • Part of subcall function 00C43A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00C425B3), ref: 00C43A65
• GetCaretPos.USER32(?), ref: 00C716FF
• ClientToScreen.USER32(00000000,?), ref: 00C7174C
• GetForegroundWindow.USER32 ref: 00C71752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: b56b7b1a9a575e98e5b9f6fea0bfc94130be1db42ea344f4df0ad52bba56accf
• Instruction ID: d12113a512eff1c0e8dcfe6a553fde8a64dfeff45f594171c7a68f20fd4fcf73
• Opcode Fuzzy Hash: b56b7b1a9a575e98e5b9f6fea0bfc94130be1db42ea344f4df0ad52bba56accf
• Instruction Fuzzy Hash: E6313275D00149AFC714DFAAC8C1DAEBBF9EF48304B5480AAE429E7251DB31DE45CBA0
APIs
  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
• _wcslen.LIBCMT ref: 00C4DFCB
• _wcslen.LIBCMT ref: 00C4DFE2
• _wcslen.LIBCMT ref: 00C4E00D
• GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00C4E018
Similarity
• API ID: _wcslen$ExtentPoint32Text
• String ID:
• API String ID: 3763101759-0
• Opcode ID: 3af7db1006748647ec749219d7144412efa73aa79d5495c52cb4512cb1d288db
• Instruction ID: 26e216d6fa453163fc9776ecb73e2d02c1a676f8766f82214e906cce2400f685
• Opcode Fuzzy Hash: 3af7db1006748647ec749219d7144412efa73aa79d5495c52cb4512cb1d288db
• Instruction Fuzzy Hash: DE21E271900215AFCB20EFA8D881BAEB7F8FF45710F104069E915BB281D7709E41DBA1
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• GetCursorPos.USER32(?), ref: 00C79001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00C37711,?,?,?,?,?), ref: 00C79016
• GetCursorPos.USER32(?), ref: 00C7905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00C37711,?,?,?), ref: 00C79094
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6b2fbc4063586f8c4945209cdb9b552a6a66f708dccde239a6a57147b91aaae3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 89f08ec3dc6719e9f915611b86bf82f5526aa7297a216fb9097544a8b2c43557
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6b2fbc4063586f8c4945209cdb9b552a6a66f708dccde239a6a57147b91aaae3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37217F35610018EFDB258F95C898FFE7BF9FB89360F148159F91947261C7329A90EB60
APIs
• GetFileAttributesW.KERNEL32(?,00C7CB68), ref: 00C4D2FB
• GetLastError.KERNEL32 ref: 00C4D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00C4D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00C7CB68), ref: 00C4D376
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 4734866fd679562e8a448dd578e3e2e17df953d22c8128c29ff89a54f8ef2742
• Instruction ID: 1345cdf1c459c1b2d3de7e2cd9e2eda17f4b761a38e88eead6b6d5e19ac2fd29
• Opcode Fuzzy Hash: 4734866fd679562e8a448dd578e3e2e17df953d22c8128c29ff89a54f8ef2742
• Instruction Fuzzy Hash: AB218D705082029F8710EF29C88196E77E4BF56764F504A5DF4AAD32A1D730DE89CB93
APIs
  • Part of subcall function 00C41014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C4102A
  • Part of subcall function 00C41014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C41036
  • Part of subcall function 00C41014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C41045
  • Part of subcall function 00C41014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C4104C
  • Part of subcall function 00C41014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C41062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00C415BE
• _memcmp.LIBVCRUNTIME ref: 00C415E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C41617
• HeapFree.KERNEL32(00000000), ref: 00C4161E
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 0c9fdfd7ab855a49a56bc3fd4f852b5e9bb01ee18db2b540e9049b8e131d30fd
• Instruction ID: f218a8c893e1f614961c931fc6fd92cf7f3b8152bebf764caea37eb27534a145
• Opcode Fuzzy Hash: 0c9fdfd7ab855a49a56bc3fd4f852b5e9bb01ee18db2b540e9049b8e131d30fd
• Instruction Fuzzy Hash: 5C219D31E00109EFDF00DFA4C945BEEB7B8FF44354F094459E895AB241E730AA85DBA0
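The function records above follow one fixed layout (an "APIs" bullet list with optional "Part of subcall function" entries, a "Memory Dump Source" block, then the "Similarity" identifiers), which makes them easy to parse out of a saved report and reduce to per-function API chains for triage. The script below is an added example for this page, not Joe Sandbox code: the record layout is inferred from the records shown here, the sample input is two of those records copied and abbreviated, and the WATCHLIST grouping is an assumption chosen for illustration rather than a Joe Sandbox signature.

```python
"""Parse the per-function records Joe Sandbox's IDA plugin emits (the 'APIs' /
'Memory Dump Source' / 'Similarity' blocks) and summarise each function's API
call chain for triage.

Added example for this page, not Joe Sandbox code. The record layout is
inferred from the records shown on the page; WATCHLIST is an assumed grouping
chosen for illustration, not a Joe Sandbox signature.
"""
import re

# Constructed input: two records copied from this page, abbreviated, with the
# extraction whitespace and 'Download File' link text removed.
SAMPLE = """\
APIs
• GetFileAttributesW.KERNEL32(?,00C7CB68), ref: 00C4D2FB
• GetLastError.KERNEL32 ref: 00C4D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00C4D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00C7CB68), ref: 00C4D376
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• Opcode ID: 4734866fd679562e8a448dd578e3e2e17df953d22c8128c29ff89a54f8ef2742
APIs
  • Part of subcall function 00C41014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C4102A
  • Part of subcall function 00C41014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C41036
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00C415BE
• _memcmp.LIBVCRUNTIME ref: 00C415E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C41617
• HeapFree.KERNEL32(00000000), ref: 00C4161E
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• Opcode ID: 0c9fdfd7ab855a49a56bc3fd4f852b5e9bb01ee18db2b540e9049b8e131d30fd
"""

# One API bullet: optional 'Part of subcall function <addr>: ' prefix, then
# Name.MODULE, optional (args), then ', ref: <addr>' (the comma is missing when
# the plugin printed no argument list, as in 'GetLastError.KERNEL32 ref: ...').
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)


def parse_records(text):
    """Split the dump into records, one per 'APIs' header, and return for each
    the ordered API calls plus the key/value metadata bullets."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "meta": {}}
            records.append(cur)
        elif cur is not None and line.startswith("•"):
            body = line[1:].strip()
            m = API_RE.match(body)
            if m:
                args = m.group("args")
                cur["apis"].append({
                    "name": m.group("name"),
                    "module": m.group("module"),
                    "args": args.split(",") if args else [],
                    "ref": int(m.group("ref"), 16),
                    "subcall": m.group("sub"),  # None for the function's own calls
                })
            elif ":" in body:
                key, _, val = body.partition(":")
                cur["meta"][key.strip()] = val.strip()
        # Plain section headers ('Similarity', ...) carry no data and are skipped.
    return records


# Assumed grouping of API names worth looking at first when triaging this kind
# of sample; extend to taste.
WATCHLIST = {
    "token/privilege inspection": {"GetTokenInformation", "LookupPrivilegeValueW"},
    "window transparency": {"SetLayeredWindowAttributes"},
    "directory creation": {"CreateDirectoryW"},
}


def api_chain(record):
    """API names in the order the plugin listed them (subcall entries first)."""
    return [a["name"] for a in record["apis"]]


def flag_record(record):
    names = set(api_chain(record))
    return sorted(label for label, apis in WATCHLIST.items() if names & apis)


def summarise(text):
    """One dict per record: Joe Sandbox's own API ID / Opcode ID (useful for
    pivoting to other reports), the call chain, modules touched, address span
    of the referenced call sites, and our watchlist flags."""
    out = []
    for rec in parse_records(text):
        refs = [a["ref"] for a in rec["apis"]]
        out.append({
            "api_id": rec["meta"].get("API ID", ""),
            "opcode_id": rec["meta"].get("Opcode ID", ""),
            "chain": api_chain(rec),
            "modules": sorted({a["module"] for a in rec["apis"]}),
            "ref_range": (f"{min(refs):08X}", f"{max(refs):08X}") if refs else None,
            "flags": flag_record(rec),
        })
    return out


if __name__ == "__main__":
    for s in summarise(SAMPLE):
        print(s["api_id"], s["ref_range"], s["flags"], "->", " > ".join(s["chain"]))
```

Feed it the text of a whole report's disassembly section and the API ID / Opcode ID fields let you match a flagged function against the same function in other reports, while the ref range tells you where in the `00BE0000`-based image to look in IDA.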
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00C7280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C72824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C72832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00C72840
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: dad6c21c10574196bc684d1fadf4f0d8a84ee5b9af741280149ddf1aa60a26b0
• Instruction ID: 826e181cfd1649b3f065f0f77d491e86c05996a97cc375ca5e1ef9e9bd75298c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dad6c21c10574196bc684d1fadf4f0d8a84ee5b9af741280149ddf1aa60a26b0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F21D031204111AFD7149B24C885FAA7B99EF85324F14C15CF42A8B6E2CB72FD82CBD1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C48D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00C4790A,?,000000FF,?,00C48754,00000000,?,0000001C,?,?), ref: 00C48D8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C48D7D: lstrcpyW.KERNEL32(00000000,?,?,00C4790A,?,000000FF,?,00C48754,00000000,?,0000001C,?,?,00000000), ref: 00C48DB2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C48D7D: lstrcmpiW.KERNEL32(00000000,?,00C4790A,?,000000FF,?,00C48754,00000000,?,0000001C,?,?), ref: 00C48DE3
                                                                                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00C48754,00000000,?,0000001C,?,?,00000000), ref: 00C47923
                                                                                                                                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,00C48754,00000000,?,0000001C,?,?,00000000), ref: 00C47949
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00C48754,00000000,?,0000001C,?,?,00000000), ref: 00C47984
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 23d968fc5ea04c81899f42445968d5ec6073650649cf9d5c8fbec491f9310cd2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 549c765d3511b5a1b1fd37dc55af72ae269419e0d9ac370b604c9840b73d23f5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 23d968fc5ea04c81899f42445968d5ec6073650649cf9d5c8fbec491f9310cd2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2811263A200342ABCF15AF38D844E7E77E9FFA5350B40412AF906C72A4EB319901C7A1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00C77D0B
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00C77D2A
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00C77D42
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00C5B7AD,00000000), ref: 00C77D6B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 68f2a3237d92b9df0bac5a0718960a1fde8d27043cc5efbebb957af88a9bf8fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0ad89dab53c51e9c35d898325ae5f9cb3b34e5d9210371e6348dc8f5d9239fb2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68f2a3237d92b9df0bac5a0718960a1fde8d27043cc5efbebb957af88a9bf8fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB119D31604659AFCB209F68CC44BAA3BA5AF45360F258728FC3DD72F0D7319A60DB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 00C756BB
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C756CD
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00C756D8
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00C75816
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: d4583dce18d5c70013253d4247fb4e6ac402cba2b0f829d7e1dcfd7c72783008
• Instruction ID: 9044e7c8da1bb9c084a00c75ec847020e8608bc28a7e4a997ab3850fad0e1d34
• Opcode Fuzzy Hash: d4583dce18d5c70013253d4247fb4e6ac402cba2b0f829d7e1dcfd7c72783008
• Instruction Fuzzy Hash: C911D371A0060896DB209F61CC85BEE7BACEF10760F50C12AFA2DD61C1E7B0DA80CB64
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3302dd6d3d2cbeb80eb6228dfa274ff6f4b49cb840b1bc4d5b0fe7aadae8aef6
• Instruction ID: 9a21c4fe52705373aa1ed978feeafe3c52d01f6b51a124d3020c2ef59b6c4db8
• Opcode Fuzzy Hash: 3302dd6d3d2cbeb80eb6228dfa274ff6f4b49cb840b1bc4d5b0fe7aadae8aef6
• Instruction Fuzzy Hash: A60162B22096167EF71226787CC1FAB661DEF433B8F380329FA31551D2DB648D907160
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00C41A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C41A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C41A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C41A8A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 9a7f15806364fba247787ee75803b4c9b16459d1ab7488c4e23455678c50a91b
• Instruction ID: 61ab03ac773fdb0148d976acf7baad5a8f15ad4cced76390b241bbde3bf19574
• Opcode Fuzzy Hash: 9a7f15806364fba247787ee75803b4c9b16459d1ab7488c4e23455678c50a91b
• Instruction Fuzzy Hash: ED115A3AD01219FFEB10DBA4C984FADBB78FB04350F200091EA00B7290C6716E50EB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 00C4E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00C4E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00C4E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00C4E24D
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: ffb1e11c4002a99910f6c8e210df99dddf86907ddcfcfffa71e07265f6914d63
• Instruction ID: eb54f9e36b79086d8cec0ddb3c3639c2ba3d19046135ff7cb0b245a1d7399c07
• Opcode Fuzzy Hash: ffb1e11c4002a99910f6c8e210df99dddf86907ddcfcfffa71e07265f6914d63
• Instruction Fuzzy Hash: 60110872904215BBC7119BA89C45B9F7FECBB45320F454329F825E3291D6B08E0087A0
APIs
• CreateThread.KERNEL32(00000000,?,00C0CFF9,00000000,00000004,00000000), ref: 00C0D218
• GetLastError.KERNEL32 ref: 00C0D224
• __dosmaperr.LIBCMT ref: 00C0D22B
• ResumeThread.KERNEL32(00000000), ref: 00C0D249
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6dc6c4078c63c74086ff600c3401fbb83f5f59a57d0e9e9472e3361252f5850a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 607bf5b7e04e3f2ab2e06d9f614247156652d43bb822289e28a8a4adb65ce0f3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6dc6c4078c63c74086ff600c3401fbb83f5f59a57d0e9e9472e3361252f5850a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B014536804205BBCB206BE5DC09BAF3A68EF81331F100228F93A920E0CF70CD81D7A0
APIs
  • Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2
• GetClientRect.USER32(?,?), ref: 00C79F31
• GetCursorPos.USER32(?), ref: 00C79F3B
• ScreenToClient.USER32(?,?), ref: 00C79F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00C79F7A (message 00000020 = WM_SETCURSOR; the cursor position is converted to client coordinates and tested against the client rectangle before the message is passed on)
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 4f364f0aeae38eeb719de519b964e4dc58ee8c87954c9a1554443037b3288395
• Instruction ID: 994595f998ee68df74be397f834dae730ada200ecc602db82b70aed7595b9d17
• Opcode Fuzzy Hash: 4f364f0aeae38eeb719de519b964e4dc58ee8c87954c9a1554443037b3288395
• Instruction Fuzzy Hash: 7511573290051AABDB10EFA8D889EEE77B8FB05311F408455F915E3140D730BB91DBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BE604C
• GetStockObject.GDI32(00000011), ref: 00BE6060 (00000011 = DEFAULT_GUI_FONT)
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00BE606A (message 00000030 = WM_SETFONT; the stock font is applied to the window just created)
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: da7293e51369d6a3e278de2d1ad490944d2d500d7c5ec8018a4ccf5624bba457
• Instruction ID: ce5bd170eb032e544bd19dd2322ec2d75e38ff7be56b25e76b730abd4ba2c48a
• Opcode Fuzzy Hash: da7293e51369d6a3e278de2d1ad490944d2d500d7c5ec8018a4ccf5624bba457
• Instruction Fuzzy Hash: 5011A172501559BFEF165F959C84FEE7BADEF183A4F040215FA1452011CB32ACA0DB90
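The API ID listed under Similarity is a compact fingerprint of the API names a function calls, and matching it across reports is a quick way to find the same runtime or CRT function in other samples without comparing bytes. The script below is an added example, not Joe Sandbox's own code or its published algorithm: it is an inferred reconstruction of how the ID is derived, split each API name on uppercase boundaries, drop tokens of three characters or fewer (Get, Ex, W, To, Pos), group the remaining tokens by how often they occur from most to least frequent, separate the groups with `$` and sort each group in code-point order. It reproduces the API IDs of the three function entries on this page whose API bullets are visible (those bullets are copied into the script as constructed input); how cases the page does not show are handled, such as the same API called twice in one function, is an assumption.

```python
import re
from collections import Counter

# Constructed input: the "APIs" bullets of three function entries, copied from
# this report, keyed by the API ID the report prints for each of them.
ENTRIES = {
    "Client$CursorLongProcRectScreenWindow": [
        "Part of subcall function 00BF9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00BF9BB2",
        "GetClientRect.USER32(?,?), ref: 00C79F31",
        "GetCursorPos.USER32(?), ref: 00C79F3B",
        "ScreenToClient.USER32(?,?), ref: 00C79F46",
        "DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00C79F7A",
    ],
    "CreateMessageObjectSendStockWindow": [
        "CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BE604C",
        "GetStockObject.GDI32(00000011), ref: 00BE6060",
        "SendMessageW.USER32(00000000,00000030,00000000), ref: 00BE606A",
    ],
    "Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState": [
        "___BuildCatchObject.LIBVCRUNTIME ref: 00C03B56",
        "Part of subcall function 00C03AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00C03AD2",
        "Part of subcall function 00C03AA3: ___AdjustPointer.LIBCMT ref: 00C03AED",
        "_UnwindNestedFrames.LIBCMT ref: 00C03B6B",
        "__FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00C03B7C",
        "CallCatchBlock.LIBVCRUNTIME ref: 00C03BA4",
    ],
}

# One bullet looks like "Name.MODULE(args), ref: addr" or "Name.MODULE ref: addr",
# optionally prefixed with "Part of subcall function ADDR: ".
API_LINE = re.compile(
    r"^(?:Part of subcall function [0-9A-Fa-f]+: )?"
    r"(?P<name>[^\s(]+?)\.(?P<module>[A-Z0-9]+)(?=[(\s]|$)"
)
# Split on uppercase boundaries; a run without an uppercase letter
# ("__dosmaperr", "___", "Handler3::") stays one token.
TOKEN = re.compile(r"[A-Z][^A-Z]*|[^A-Z]+")
MIN_TOKEN_LEN = 4  # assumption inferred from the page: Get, Ex, W, To, Pos, ___ are ignored


def parse_api_name(line):
    """Return (api_name, module) for one APIs bullet; raise on an unexpected line."""
    m = API_LINE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised API line: {line!r}")
    return m.group("name"), m.group("module")


def tokenize(api_name):
    return TOKEN.findall(api_name)


def api_id(api_lines):
    """Inferred reconstruction of the report's API ID for one function entry."""
    counts = Counter()
    for line in api_lines:
        name, _module = parse_api_name(line)
        # every occurrence counts, so Frame from FrameHandler3::FrameUnwindToState counts twice
        counts.update(t for t in tokenize(name) if len(t) >= MIN_TOKEN_LEN)
    by_freq = {}
    for tok, n in counts.items():
        by_freq.setdefault(n, []).append(tok)
    # most frequent group first, groups separated by "$", each group in
    # code-point order (so "__dosmaperr" sorts after every capitalised token)
    return "$".join("".join(sorted(by_freq[n])) for n in sorted(by_freq, reverse=True))


def verify_entries(entries):
    """Map each expected API ID to whether the reconstruction reproduces it."""
    return {expected: api_id(lines) == expected for expected, lines in entries.items()}


if __name__ == "__main__":
    for expected, ok in verify_entries(ENTRIES).items():
        print("OK  " if ok else "MISS", expected)
```

Because the subcall bullets contribute tokens as well, two functions that differ only in which helper they call get different IDs; the fuzzy hashes on the same lines are the tool's byte-level view of the same function and remain the better signal when a compiler has reordered calls.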
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00C03B56
  • Part of subcall function 00C03AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00C03AD2
  • Part of subcall function 00C03AA3: ___AdjustPointer.LIBCMT ref: 00C03AED
• _UnwindNestedFrames.LIBCMT ref: 00C03B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00C03B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00C03BA4
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: d43c95508b000b706e2ae856fa1909efc94d2f603eb73648dd1dcd163e059d5d
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 62014072100188BBDF115F95CC42EEB3F6DEF48758F044414FE5856161C732D961EBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00BE13C6,00000000,00000000,?,00C1301A,00BE13C6,00000000,00000000,00000000,?,00C1328B,00000006,FlsSetValue), ref: 00C130A5
• GetLastError.KERNEL32(?,00C1301A,00BE13C6,00000000,00000000,00000000,?,00C1328B,00000006,FlsSetValue,00C82290,FlsSetValue,00000000,00000364,?,00C12E46), ref: 00C130B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C1301A,00BE13C6,00000000,00000000,00000000,?,00C1328B,00000006,FlsSetValue,00C82290,FlsSetValue,00000000), ref: 00C130BF
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 37944c84ff4e175974d0e3773eed073004b03c06c0475ba92c227c6ba964b789
• Instruction ID: bc6b2268b10e97790f5663e67ce2b668251b42b37e723af756c904919d6a39bc
• Opcode Fuzzy Hash: 37944c84ff4e175974d0e3773eed073004b03c06c0475ba92c227c6ba964b789
• Instruction Fuzzy Hash: 1901FC32301663ABC7314B799C84B9B7BD89F4A765B110624F919E3180D721DA81D7E0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00C4747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00C47497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00C474AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00C474CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 5d9999d58ba20f8b02ad14debd19d661097acb0e67bd0b09e436305801961b3e
• Instruction ID: 553fa08ccfaa2fda582c47d4d17c6cf89974b0143b4b39fba2cf046cdf5492c4
• Opcode Fuzzy Hash: 5d9999d58ba20f8b02ad14debd19d661097acb0e67bd0b09e436305801961b3e
• Instruction Fuzzy Hash: B911ADB1205311ABE7208F14DC48BB67FFCFB00B00F10866DA62AD6191D7B0E944DFA0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C4ACD3,?,00008000), ref: 00C4B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C4ACD3,?,00008000), ref: 00C4B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00C4ACD3,?,00008000), ref: 00C4B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C4ACD3,?,00008000), ref: 00C4B126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 9230a73562189fd9e3e684097d5c685870e74e2acd37c741ad642ced58d29ce2
• Instruction ID: c97774f918f4aa177cb53d4e665aaa071d64703f340fb55a5980a1e9a7dea48a
• Opcode Fuzzy Hash: 9230a73562189fd9e3e684097d5c685870e74e2acd37c741ad642ced58d29ce2
• Instruction Fuzzy Hash: 0F115B71C0192DE7CF04AFE5E9987EEBB78FF09711F104099D951B2181CB309A90CB51
APIs
• GetWindowRect.USER32(?,?), ref: 00C77E33
• ScreenToClient.USER32(?,?), ref: 00C77E4B
• ScreenToClient.USER32(?,?), ref: 00C77E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C77E8A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a430fe04a290033cf81e6b448d1bb2eeca1bba93b1de60b39c3e7c721ea2f072
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7274f3ad9bb1b12d4f0c2020475c4d4312d95b19cdc41d0fe9bb4555c0efeb63
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a430fe04a290033cf81e6b448d1bb2eeca1bba93b1de60b39c3e7c721ea2f072
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D51144B9D0020AAFDB41DF98D884AEEBBF5FF08310F509156E915E3210D735AA94CF51
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C42DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00C42DD6
• GetCurrentThreadId.KERNEL32 ref: 00C42DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C42DE4
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 1ed90ae68dc27beb228ac6fe79aa0dd6c45b7d191345244872efac9dd051b2b4
• Instruction ID: cd3a47b2554f3831a94973f5e5834cf201f74163b10a9f0dbef73501fed10a8c
• Opcode Fuzzy Hash: 1ed90ae68dc27beb228ac6fe79aa0dd6c45b7d191345244872efac9dd051b2b4
• Instruction Fuzzy Hash: 8BE01271501625BBD7201B739C8EFEF7E6CFF56BB1F800119F509D10909AA5C981C6B0
APIs
  • Part of subcall function 00BF9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF9693
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96A2
  • Part of subcall function 00BF9639: BeginPath.GDI32(?), ref: 00BF96B9
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00C78887
• LineTo.GDI32(?,?,?), ref: 00C78894
• EndPath.GDI32(?), ref: 00C788A4
• StrokePath.GDI32(?), ref: 00C788B2
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 3198a2d1a32dd29d69768e3d5ac907f69763790c4ef154cb20bf4d47d84ada42
• Instruction ID: ffc821e00a922376615cb525c03920abe57df182c95704d41d6dbba3ee5ec205
• Opcode Fuzzy Hash: 3198a2d1a32dd29d69768e3d5ac907f69763790c4ef154cb20bf4d47d84ada42
• Instruction Fuzzy Hash: 3CF03A36041259BADB126F94AC0DFCE3E59AF06710F448104FB25650E1C7755665CBE5
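The three function records above each carry an "APIs" list and a Similarity "API ID" derived from it. The script below is an added example (not Joe Sandbox code and not part of the report) that parses such records and rebuilds the API ID string from the API names. The token rule it applies (split each API name on camel case, drop tokens of three characters or fewer such as Get, Set, Ext, Ex, To, Id and W, order tokens by descending call count with a `$` between count groups and alphabetically inside a group) is inferred from the three records on this page and is an assumption, not a documented Joe Sandbox algorithm. The `RECORDS` input is copied from the report's own API lists; the input-attach rule is an illustrative triage check grounded in how Win32 works, not a signature taken from the report.

```python
"""Rebuild a Joe Sandbox "API ID" from a function record's API list.

Added illustration, not Joe Sandbox code. The token rule in api_id() is
inferred from three records of report 1560173 and is an assumption.
"""
import re
from collections import Counter

# Input copied from the function records of this report (keyed by the first
# "ref:" address); the trailing "Memory Dump Source" header is kept on
# purpose so the parser shows where the API list ends.
RECORDS = {
    "00C77E33": """APIs
• GetWindowRect.USER32(?,?), ref: 00C77E33
• ScreenToClient.USER32(?,?), ref: 00C77E4B
• ScreenToClient.USER32(?,?), ref: 00C77E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C77E8A
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
""",
    "00C42DC5": """APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00C42DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00C42DD6
• GetCurrentThreadId.KERNEL32 ref: 00C42DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00C42DE4
Memory Dump Source
""",
    "00C78887": """APIs
  • Part of subcall function 00BF9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00BF9693
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96A2
  • Part of subcall function 00BF9639: BeginPath.GDI32(?), ref: 00BF96B9
  • Part of subcall function 00BF9639: SelectObject.GDI32(?,00000000), ref: 00BF96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00C78887
• LineTo.GDI32(?,?,?), ref: 00C78894
• EndPath.GDI32(?), ref: 00C788A4
• StrokePath.GDI32(?), ref: 00C788B2
Memory Dump Source
""",
}

# One bullet of the API list: optional "Part of subcall function XXXX:" prefix,
# then ApiName.MODULE followed by "(" or a space (GetCurrentThreadId has no args).
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?(\w+)\.(\w+)"
)

# Assumption: tokens of three characters or fewer never appear in the report's IDs.
MIN_TOKEN_LEN = 4

# Illustrative triage rule, not a Joe Sandbox signature: resolving another
# window's thread and attaching the caller's input queue to it is the classic
# way to drive or steal focus and input from a foreign window.
INPUT_ATTACH_CHAIN = frozenset(
    {"GetWindowThreadProcessId", "GetCurrentThreadId", "AttachThreadInput"}
)


def parse_api_calls(record: str) -> list[tuple[str, str]]:
    """Return (api, module) pairs from the 'APIs' section, in listed order."""
    calls, in_apis = [], False
    for line in record.splitlines():
        if line.strip() == "APIs":
            in_apis = True
            continue
        if in_apis and not line.lstrip().startswith("•"):
            break  # next header ("Memory Dump Source") ends the list
        if in_apis:
            m = API_LINE.match(line)
            if m:
                calls.append((m.group(1), m.group(2)))
    return calls


def camel_tokens(api_name: str) -> list[str]:
    """Split 'GetWindowThreadProcessId' into ['Get','Window','Thread','Process','Id']."""
    return re.findall(r"[A-Z][a-z0-9]*", api_name)


def api_id(api_names) -> str:
    """Inferred rule: count tokens, '$'-separate descending count groups,
    alphabetical order inside each group."""
    counts = Counter(
        tok for name in api_names for tok in camel_tokens(name)
        if len(tok) >= MIN_TOKEN_LEN
    )
    by_count: dict[int, list[str]] = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def attaches_to_foreign_input(api_names) -> bool:
    return INPUT_ATTACH_CHAIN <= set(api_names)


def analyse(records=RECORDS) -> dict[str, dict]:
    out = {}
    for addr, text in records.items():
        names = [api for api, _ in parse_api_calls(text)]
        out[addr] = {
            "calls": names,
            "api_id": api_id(names),
            "input_attach": attaches_to_foreign_input(names),
        }
    return out


if __name__ == "__main__":
    for addr, r in analyse().items():
        print(addr, r["api_id"], "INPUT-ATTACH" if r["input_attach"] else "")
```

Run as-is the script prints one line per record; the rebuilt strings match the "API ID" values shown in the three Similarity sections, which is what makes this field usable as a cheap key for clustering functions across samples before comparing the opcode fuzzy hashes. The input-attach flag fires only on the 00C42DC5 record, the one whose call chain matches the report's keystroke-simulation signature rather than plain GUI drawing.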
APIs
• GetSysColor.USER32(00000008), ref: 00BF98CC
• SetTextColor.GDI32(?,?), ref: 00BF98D6
• SetBkMode.GDI32(?,00000001), ref: 00BF98E9
• GetStockObject.GDI32(00000005), ref: 00BF98F1
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 24610d50ea41fa94060d7629b892f7c983e4f4d277eaf84c63ca219ef52a66e3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f8cad9d447c39fc71753695eaacbc6cd9a7a7adb60fcd268457a94e3c2f08604
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24610d50ea41fa94060d7629b892f7c983e4f4d277eaf84c63ca219ef52a66e3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96E06D31244285ABEB215B78AC49BEC3F60EB12376F14C32DF6FA580E1C3B246809B10
APIs
• GetCurrentThread.KERNEL32 ref: 00C41634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,00C411D9), ref: 00C4163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00C411D9), ref: 00C41648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,00C411D9), ref: 00C4164F
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 41307b1b617f933b2e46d653e8da9aabd475a7294d074c042b027afb4bfc03a8
• Instruction ID: 0a506358e34efd90d076052ee90b9b0e7a2505cec25f60d1624c65b880ee39b9
• Opcode Fuzzy Hash: 41307b1b617f933b2e46d653e8da9aabd475a7294d074c042b027afb4bfc03a8
• Instruction Fuzzy Hash: B3E08631601212DBD7201FA0AD4DB8A3B7CFF447A1F19480CF699D9090D63485C0C7A4
APIs
• GetDesktopWindow.USER32 ref: 00C3D858
• GetDC.USER32(00000000), ref: 00C3D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C3D882
• ReleaseDC.USER32(?), ref: 00C3D8A3
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 2b72302fdc2359c586eca1bb5dd1e17b6052f520882c7d60640a0ac7d08ee8a3
• Instruction ID: 2d75af1cb7fb40293165b5e96519d851438959a7285e507c0e8054803c315c60
• Opcode Fuzzy Hash: 2b72302fdc2359c586eca1bb5dd1e17b6052f520882c7d60640a0ac7d08ee8a3
• Instruction Fuzzy Hash: 83E01AB0800206DFCB41AFA1D88876DBBF2FB08310F108049F81AE7250CB385985AF80
APIs
• GetDesktopWindow.USER32 ref: 00C3D86C
• GetDC.USER32(00000000), ref: 00C3D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C3D882
• ReleaseDC.USER32(?), ref: 00C3D8A3
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: edad8024a4a507674768a1cb40cf37f13543fdb8e3e936a91d91232009ec2cfc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6933cc13cc49540759bc34ace861eb6c06c976a47936aa7049899162d36aaced
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edad8024a4a507674768a1cb40cf37f13543fdb8e3e936a91d91232009ec2cfc
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1BE09A75800205DFCB51AFA1D88876DBBF5BB08311B148449F95AE7250DB3859459F50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE7620: _wcslen.LIBCMT ref: 00BE7625
                                                                                                                                                                                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00C54ED4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *$LPT
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 28b1caae36ed002f3e59e2097ca6aacb785126e49c34f6bbcab1f8d5dde973c7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4d04edf7cb7f6c51c2f04407856a7b5b0d99623f54828b52e92b81b49b0d9751
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28b1caae36ed002f3e59e2097ca6aacb785126e49c34f6bbcab1f8d5dde973c7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 239151799002449FCB18DF99C494EA9BBF1BF44308F148099E81A5F352D771EEC9CB95
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __startOneArgErrorHandling.LIBCMT ref: 00C0E30D
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                                • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 305de2701be41cb87a45dee299a2a1fa2dcea7670f3c566b4a0e8d79c7760935
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 695742f0cfdc613b4b41125760011c00da9f63485b8baa9e9b68586365e34ce0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 305de2701be41cb87a45dee299a2a1fa2dcea7670f3c566b4a0e8d79c7760935
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70513A71A4C2069ACB157754D9013FE2FF4AF41740F344EA8E4A5822F9EB348DD1FA86
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: #
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3cbcd824ff2c6a1e030cb11dfeb813bba3cec9c255bc550ed7421e881355cd09
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ff2af06037e09f06d9ba0994cb3ab2e43f06914dfb4f2f91537cc4a1c93a1d02
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3cbcd824ff2c6a1e030cb11dfeb813bba3cec9c255bc550ed7421e881355cd09
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E51237590024ADFDB15DF28C481ABE7BE4EF56310F244095F9A19B2E0E730DE46CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00BFF2A2
                                                                                                                                                                                                                                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00BFF2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 3819c673cabc6110c3a72c6c4fa7dcf0adb95b8f9ed2986a22aa1bb199391e47
• Instruction ID: c380c5814f0b89860f6fff86bd8b75cd3c5a12b00b4aa588aa5a57f78db4169e
• Opcode Fuzzy Hash: 3819c673cabc6110c3a72c6c4fa7dcf0adb95b8f9ed2986a22aa1bb199391e47
• Instruction Fuzzy Hash: 765137714087859BD320AF11EC86BAFBBF8FF84300F81889DF1D941195EB718569CB66
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00C657E0
• _wcslen.LIBCMT ref: 00C657EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
• String ID: CALLARGARRAY
• API String ID: 157775604-1150593374
• Opcode ID: a79638fcdd861eb10df40ee8abb16ddd203feab17a9ea8ed7ebe7a5125eefb30
• Instruction ID: 5a9f47a3bed5f95161c51a2cff443cf0cf1e38e8eb8a0cc90e73f923a679a1f0
• Opcode Fuzzy Hash: a79638fcdd861eb10df40ee8abb16ddd203feab17a9ea8ed7ebe7a5125eefb30
• Instruction Fuzzy Hash: 4141A071A0020A9FCB24DFA9C8C19BEBBF5FF59314F204069E515A7292E7309E85CB90
APIs
• _wcslen.LIBCMT ref: 00C5D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00C5D13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: 5eb09c4cc7eaf74285c7cd311c0cda24d83a85a98f6aec599d51d4acf1148b04
• Instruction ID: b724747b96649a139ac75927d279433e14b54423cf72e795c82de3749cac4817
• Opcode Fuzzy Hash: 5eb09c4cc7eaf74285c7cd311c0cda24d83a85a98f6aec599d51d4acf1148b04
• Instruction Fuzzy Hash: 37313E75D00209ABCF15EFA5CC85AEF7FB9FF14350F000059F815A61A1DB31AA46DB64
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00C73621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00C7365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 3fc917e746976f17e2308535e47c87bebbedf0a7f700c4eb29609d0278b82520
• Instruction ID: 1f35f99e260390904357b8500b792041b547cc2caf8b6d0dbcdfcfe1a31346e5
• Opcode Fuzzy Hash: 3fc917e746976f17e2308535e47c87bebbedf0a7f700c4eb29609d0278b82520
• Instruction Fuzzy Hash: 94318B71110244AADB109F78DC80FFB73A9FF88720F10C619F9A997290DA31AE81E764
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00C7461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C74634
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 20046dff56681c2af71e38669c027cc411da4961aa77c482cd7802d6fdf871b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f747621990920651eae308dbdf39d83d2dbe719ae5dc66ec68331c48582a0b4c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20046dff56681c2af71e38669c027cc411da4961aa77c482cd7802d6fdf871b4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39313874A0020A9FDB18CFA9C991BDA7BB5FF09300F14806AE918AB351D770EA41CF90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00C7327C
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C73287
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 98da8161a47b1ab86e5013a6b3f2d1144f59a32a5c57e9e0366cdce1bf585bc1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ce6bc76fd8258dbf87c02d7f0d104e4de926e4123299274c1148592db0a657ef
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98da8161a47b1ab86e5013a6b3f2d1144f59a32a5c57e9e0366cdce1bf585bc1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB11B6713001497FEF159E54DC84FBB3B6AEB583A4F108128F92C97292D6319E519760
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00BE604C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE600E: GetStockObject.GDI32(00000011), ref: 00BE6060
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00BE606A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00C7377A
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00C73794
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f29af8d8a2a89ea7940cddbb2c6f832e9f7be632b63021c5a1b3a86db6934717
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e8e5d31291bed66385bbf2d1c03cd451f89aac175ba02cec23e7bbb983182c08
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f29af8d8a2a89ea7940cddbb2c6f832e9f7be632b63021c5a1b3a86db6934717
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BB1129B261020AAFDB00DFB8CD85EEE7BB8FB08354F018918F969E2250D735E9519B50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C5CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00C5CDA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: d4b7cd31f648cf9db4c6882ed6f6738b24dafdd465d4d252085f6548a820c3e3
• Instruction ID: 128ba4308312f3f73ac45159a6be9603596f8704b790ba5cffc9e4f791138d6f
• Opcode Fuzzy Hash: d4b7cd31f648cf9db4c6882ed6f6738b24dafdd465d4d252085f6548a820c3e3
• Instruction Fuzzy Hash: 9A11A3792057367ED7284B668CC5FE7BEB8EB127A5F00422AF919C2080D6609998D6F4
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 00C734AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00C734BA
Strings
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 197d2609bae3371d83f0a874dcd2c15769ee89f3b36ffb4eb34227613c5a26d1
• Instruction ID: 6023c0038ef44ff1253cc7063b25c4a97575b217fd4f4fa4f1bdaadd7650093f
• Opcode Fuzzy Hash: 197d2609bae3371d83f0a874dcd2c15769ee89f3b36ffb4eb34227613c5a26d1
• Instruction Fuzzy Hash: 4911BF71200148ABEB164E64DC84BAB3B6AEB14374F508724FA79931D0C732DE91AB50
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00C46CB6
• _wcslen.LIBCMT ref: 00C46CC2
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 1caff7ef80adc3b1cec74ee3ea9f4c49cb333bf8abb9dbf54dbe9c345f99f10f
• Instruction ID: 6dc85898278a9ff865e19b982f2708c516dbf02041216c5cd5be879711e9b5bb
• Opcode Fuzzy Hash: 1caff7ef80adc3b1cec74ee3ea9f4c49cb333bf8abb9dbf54dbe9c345f99f10f
• Instruction Fuzzy Hash: 5501C032A105278ACB20AFFEDCC09BF77F9FF627147500928E86296198EB31DE40C651
APIs
  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00C41D4C
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 312ed86e94e3afc59a1b8be3e58638c44b7a442a9cc9c9349ed693767a24dad9
• Instruction ID: a270aada65aabe54d55134bc7e36f0c1b9f73f841c6250698610eca919c4fee8
• Opcode Fuzzy Hash: 312ed86e94e3afc59a1b8be3e58638c44b7a442a9cc9c9349ed693767a24dad9
• Instruction Fuzzy Hash: 9001D871A41215AB8B15FFA5CC51DFE77A8FB46390B140A19FC72573D1EB30594C8660
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 00C41C46
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c61a9ec783245aaeb47b8d61ca75285f53ac2685bf7a14d3e482c6cdee40fed4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 971ad51796eac13c33c6d8676418ce79222a7605aec0d2380d1de8138b7e2ccd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c61a9ec783245aaeb47b8d61ca75285f53ac2685bf7a14d3e482c6cdee40fed4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0901A77568115967CB14FB91CD91AFF77E8AB52380F140019BC5667281EA209F4C96B1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00C41CC8
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bf25f535854a25fe86eb8f19fbb7b7febe6674e245c4c6a3415fcac17e570552
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f2eb340ccd64a38eefb36c4a4be6ed07dfffe2d706a0131ba0f7e2a6bcb91538
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf25f535854a25fe86eb8f19fbb7b7febe6674e245c4c6a3415fcac17e570552
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C01D67169015967CB14FBA5CE81AFE77E8AB12380F580019BC4273281FA209F8CD671
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BE9CB3: _wcslen.LIBCMT ref: 00BE9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00C43CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00C43CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00C41DD3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a0e6509345eefbec47f71358e940b1402fbab1dbbf0d3248108ef61e71b67e8e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: cb619febd808e54cee4bb0289f2249267688e4d3fb31847339d353f5c919f2e6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0e6509345eefbec47f71358e940b1402fbab1dbbf0d3248108ef61e71b67e8e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5CF0A4B1F5121567DB15F7A5CC92BFE77A8BB02390F580919BC62632C1EB605A4C8260
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8e99bf54cdb2714123404209552a80b11ddd034015c2bc03f9b90b06fb9cf723
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5f0bc55c41dfbfc391c99c332750036c401053e052e12653e4c348ff989dc9bd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e99bf54cdb2714123404209552a80b11ddd034015c2bc03f9b90b06fb9cf723
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0E02B4220522010D23512799CC5A7F568DDFC5B507101D3BFE81C22A6EE948E91E3A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00C40B23
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b61c9dc57d6fe55a062796782215e45c896bc2fb7ce1cb51dfd35d59807273ac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 17def4ef2e1d87eb08d66965705fd479b0c6737ba283981ff61cfbee678ab522
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b61c9dc57d6fe55a062796782215e45c896bc2fb7ce1cb51dfd35d59807273ac
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 11E0D83228430A26D21436547C43F997BC49F05B65F10447EFB5C594C38AE1649046A9
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00BFF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00C00D71,?,?,?,00BE100A), ref: 00BFF7CE
                                                                                                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00BE100A), ref: 00C00D75
                                                                                                                                                                                                                                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BE100A), ref: 00C00D84
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00C00D7F
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_be0000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4ea7b1e6a04a4fc0c669378b15698eba070628fefd3f1ada723f85a732ea57f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 433ad7cdd989c985f5c124404aeeb582e943f8eab71377edcc4ac891155bd96c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4ea7b1e6a04a4fc0c669378b15698eba070628fefd3f1ada723f85a732ea57f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96E092B02007428BD330AFB9E8483567BE0BF00740F01896DE49AC7692EBF4E584CBA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00C5302F
                                                                                                                                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00C53044
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C7236C
• PostMessageW.USER32(00000000), ref: 00C72373
  • Part of subcall function 00C4E97B: Sleep.KERNEL32 ref: 00C4E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C7232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00C7233F
  • Part of subcall function 00C4E97B: Sleep.KERNEL32 ref: 00C4E9F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00C1BE93
• GetLastError.KERNEL32 ref: 00C1BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C1BEFC
Memory Dump Source
• Source File: 00000000.00000002.2141793907.0000000000BE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00BE0000, based on PE: true
• Associated: 00000000.00000002.2141756880.0000000000BE0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000C7C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141898839.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2141994576.0000000000CAC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2142029679.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_be0000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0

Nodes (id, address, API called):
• 5000: 1eb30892377
• 5001: 1eb30892387, NtQuerySystemInformation
• 5002: 1eb30892324
• 5003: 1eb308b3df2
• 5004: 1eb308b3e49, NtQuerySystemInformation
• 5005: 1eb308b21c4

Edges:
• 5000 -> 5001
• 5001 -> 5002
• 5003 -> 5004
• 5003 -> 5005
• 5004 -> 5005

Callgraph

APIs
Memory Dump Source
• Source File: 00000011.00000002.3341607499.000001EB30890000.00000020.00000001.00020000.00000000.sdmp, Offset: 000001EB30890000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_1eb30890000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID:
• API String ID: 3562636166-0